Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Implementing DevSecOps Practices
  • Table Of Contents Toc
  • Feedback & Rating feedback
Implementing DevSecOps Practices

Implementing DevSecOps Practices

By : Vandana Verma Sehgal
4.6 (9)
Buy this Book
close
close
Implementing DevSecOps Practices

Implementing DevSecOps Practices

4.6 (9)
By: Vandana Verma Sehgal
Buy this Book

Overview of this book

DevSecOps is built on the idea that everyone is responsible for security, with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context. This practice of integrating security into every stage of the development process helps improve both the security and overall quality of the software. This book will help you get to grips with DevSecOps and show you how to implement it, starting with a brief introduction to DevOps, DevSecOps, and their underlying principles. After understanding the principles, you'll dig deeper into different topics concerning application security and secure coding before learning about the secure development lifecycle and how to perform threat modeling properly. You’ll also explore a range of tools available for these tasks, as well as best practices for developing secure code and embedding security and policy into your application. Finally, you'll look at automation and infrastructure security with a focus on continuous security testing, infrastructure as code (IaC), protecting DevOps tools, and learning about the software supply chain. By the end of this book, you’ll know how to apply application security, safe coding, and DevSecOps practices in your development pipeline to create robust security protocols.
Table of Contents (25 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1:DevSecOps – What and How?
Icon
Part 1:DevSecOps – What and How?
Lock Free Chapter
2
Chapter 1: Introducing DevSecOps
chevron up
Icon
Chapter 1: Introducing DevSecOps
Icon
Product development processes
Icon
Understanding the shift from DevOps to DevSecOps
Icon
The new processes within DevSecOps
Icon
DevSecOps maturity levels
Icon
KPIs
Icon
DevSecOps – the people aspect
Icon
Summary
Icon
Think and act
3
Part 2: DevSecOps Principles and Processes
Icon
Part 2: DevSecOps Principles and Processes
4
Chapter 2: DevSecOps Principles
Icon
Chapter 2: DevSecOps Principles
Icon
DevSecOps principles
Icon
Challenges within the DevSecOps pipeline that principles can resolve
Icon
Summary
5
Chapter 3: Understanding the Security Posture
Icon
Chapter 3: Understanding the Security Posture
Icon
Understanding your security posture
Icon
Why and what measures we take to secure the environment
Icon
What measures can we take to monitor an environment?
Icon
Where does security stand in the whole development process?
Icon
Summary
6
Chapter 4: Understanding Observability
Icon
Chapter 4: Understanding Observability
Icon
Why do we need observability?
Icon
The key functions of observability
Icon
Linking observability with monitoring
Icon
Challenges around observability
Icon
Making organizations observable
Icon
Summary
7
Chapter 5: Understanding Chaos Engineering
Icon
Chapter 5: Understanding Chaos Engineering
Icon
Introducing chaos engineering
Icon
Techniques involved in chaos engineering
Icon
Measuring the effectiveness of performing chaos engineering
Icon
Tools involved in chaos engineering
Icon
Basic principles of chaos engineering
Icon
How chaos engineering is different from other testing measures
Icon
Summary
8
Part 3:Technology
Icon
Part 3:Technology
9
Chapter 6: Continuous Integration and Continuous Deployment
Icon
Chapter 6: Continuous Integration and Continuous Deployment
Icon
What is a CI/CD pipeline?
Icon
The benefits of CI/CD
Icon
Automating the CI/CD pipeline
Icon
The importance of a CI/CD pipeline
Icon
Summary
10
Chapter 7: Threat Modeling
Icon
Chapter 7: Threat Modeling
Icon
What is threat modeling?
Icon
The importance of threat modeling in the software development lifecycle
Icon
Why should we perform threat modeling?
Icon
Threat modeling techniques
Icon
Integrating threat modeling into DevSecOps
Icon
Open source threat modeling tools
Icon
How threat modeling tools help organizations
Icon
Reasons some organizations don’t use threat modeling
Icon
Summary
11
Chapter 8: Software Composition Analysis (SCA)
Icon
Chapter 8: Software Composition Analysis (SCA)
Icon
What is SCA?
Icon
The importance of SCA
Icon
The benefits of SCA
Icon
Detection of security flaws
Icon
Open source SCA tools
Icon
Discussing past breaches
Icon
Summary
12
Chapter 9: Static Application Security Testing (SAST)
Icon
Chapter 9: Static Application Security Testing (SAST)
Icon
Introduction
Icon
What is SAST?
Icon
Identifying vulnerabilities early in the development process
Icon
Resolving issues without breaking the build
Icon
The benefits of SAST
Icon
The limitations of SAST
Icon
Open source SAST tools
Icon
Case study 1
Icon
Case study 2
Icon
Loss due to not following the SAST process
Icon
Summary
13
Chapter 10: Infrastructure-as-Code (IaC) Scanning
Icon
Chapter 10: Infrastructure-as-Code (IaC) Scanning
Icon
What is IaC?
Icon
The importance of IaC scanning
Icon
IaC security best practices
Icon
IaC in DevSecOps
Icon
Open source IaC tools
Icon
Case study 1 – the Codecov security incident
Icon
Case study 2 – Capital One data breach
Icon
Case study 3 – Netflix environment improvement
Icon
Summary
14
Chapter 11: Dynamic Application Security Testing (DAST)
Icon
Chapter 11: Dynamic Application Security Testing (DAST)
Icon
What is DAST?
Icon
DAST usage for developers
Icon
DAST usage for security testers
Icon
The importance of DAST in secure development environments
Icon
Comparing DAST with other security testing approaches
Icon
Summary
15
Part 4: Tools
Icon
Part 4: Tools
16
Chapter 12: Setting Up a DevSecOps Program with Open Source Tools
Icon
Chapter 12: Setting Up a DevSecOps Program with Open Source Tools
Icon
Techniques used in setting up the program
Icon
Setting up the CI/CD pipeline
Icon
Implementing security controls
Icon
Managing DevSecOps in production
Icon
The benefits of the program
Icon
Summary
17
Part 5: Governance and an Effective Security Champions Program
Icon
Part 5: Governance and an Effective Security Champions Program
18
Chapter 13: License Compliance, Code Coverage, and Baseline Policies
Icon
Chapter 13: License Compliance, Code Coverage, and Baseline Policies
Icon
DevSecOps and its relevance to license compliance
Icon
The distinction between traditional licenses and security implications
Icon
Different types of software licenses
Icon
The impact of software licenses on the DevSecOps pipeline
Icon
How to perform license reviews
Icon
Fine-tuning policies associated with licenses
Icon
Case studies
Icon
Summary
19
Chapter 14: Setting Up a Security Champions Program
Icon
Chapter 14: Setting Up a Security Champions Program
Icon
The Security Champions program
Icon
Who should be a Security Champion?
Icon
The top benefits of starting a Security Champions program
Icon
What does a Security Champion do?
Icon
Security Champions program – why do you need it?
Icon
Shared responsibility models
Icon
The roles of different teams
Icon
Buy-in from the executive
Icon
Measuring the effect of the Security Champions program
Icon
Summary
20
Part 6: Case Studies and Conclusion
Icon
Part 6: Case Studies and Conclusion
21
Chapter 15: Case Studies
Icon
Chapter 15: Case Studies
Icon
Case study 1 – FinTech Corporation
Icon
Case study 2 – Verma Enterprises
Icon
Case study 3 – HealthPlus
Icon
Case study 4 – GovAgency
Icon
Case study 5 – TechSoft
Icon
Common lessons learned and best practices
Icon
Summary
22
Chapter 16: Conclusion
Icon
Chapter 16: Conclusion
Icon
DevSecOps – what and how?
Icon
DevSecOps principles and processes
Icon
DevSecOps tools
Icon
DevSecOps techniques
Icon
Governance and an effective Security Champions program
Icon
Topics covered in this book
Icon
What’s next?
Icon
Case studies and conclusion
23
Index
Icon
Index
Icon
Why subscribe?
24
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Introducing DevSecOps

DevSecOps is a term that is getting a lot of attention from everywhere. Organizations used to perform product security checks at the end of the software development life cycle (SDLC) before the development of DevOps and DevSecOps. Security was viewed as less important than the other phases because the emphasis was primarily on application development. Most of the other stages would have been completed and the products would be nearly finished by the time engineers performed security checks. Therefore, finding a security threat at such a late stage required rewriting countless lines of code, a painfully time-consuming and laborious task. Patching eventually became the preferred solution, as expected. “As a result, it was assumed nothing could go wrong.

In this chapter, we will learn about the basics of DevSecOps and the different maturity levels involved in the current state and future attainable state of the practice involved in DevSecOps.

We will also cover the following aspects:

  • The involvement of different teams
  • Key performance indicators (KPIs)

We will also cover the evolution of DevOps and DevSecOps in terms of the Waterfall model, understand the agile methodology, and learn how DevSecOps is changing the paradigm for organizations.

In the chapter, we are going to cover the following main topics:

  • Product development processes:
    • Waterfall model
    • Agile methodology
  • DevSecOps and its evolution
  • The new processes within DevSecOps
  • Maturity levels:
    • Maturity level 1
    • Maturity level 2
    • Maturity level 3
    • Maturity level 4
  • KPIs
  • DevSecOps – the people aspect
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Implementing DevSecOps Practices
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon