0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Hands-On Security in DevOps

You're reading from Hands-On Security in DevOps Ensure continuous security, deployment, and delivery with DevSecOps

Product type Paperback

Published in Jul 2018

Publisher

ISBN-13 9781788995504

Length 356 pages

Edition 1st Edition

Concepts

DevOps

Author (1):

Hsu

View More author details

Table of Contents (23) Chapters

Preface

1. DevSecOps Drivers and Challenges FREE CHAPTER

2. Security Goals and Metrics

3. Security Assurance Program and Organization

4. Security Requirements and Compliance

5. Case Study - Security Assurance Program

6. Security Architecture and Design Principles

7. Threat Modeling Practices and Secure Design

8. Secure Coding Best Practices

9. Case Study - Security and Privacy by Design

10. Security-Testing Plan and Practices

11. Whitebox Testing Tips

12. Security Testing Toolkits

13. Security Automation with the CI Pipeline

14. Incident Response

15. Security Monitoring

16. Security Assessment for New Releases

17. Threat Inspection and Intelligence

18. Business Fraud and Service Abuses

19. GDPR Compliance Case Study

20. DevSecOps - Challenges, Tips, and FAQs

21. Assessments

22. Other Books You May Enjoy

Leave a review - let other readers know what you think

Further reading

Consider reading the following links for more information:

US CERT WhiteBox Testing: https://www.us-cert.gov/bsi/articles/best-practices/white-box-testing/white-box-testing.
Security Code Scan – static code analyzer for .NET: https://security-code-scan.github.io/
SEI CERT Coding Standards: https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards.
Find Security Bugs: http://find-sec-bugs.github.io/.
DevBug is an on-line PHP secure code analysis (SCA): http://www.devbug.co.uk/.
MITRE Secure Code Review: https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/secure-code-review.
MITRE Cyber Threat Susceptibility Assessment: https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/cyber-threat-susceptibility...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Hsu

Hsu

Tony Hsiang-Chih Hsu is a senior security architect, software development manager, and project manager with more than 20 years' experience in security services technology. He has extensive experience of the Secure Software Development Lifecycle (SSDLC) in relation to activities including secure architecture/design review, secure code review, threat modeling, automated security testing, and cloud service inspection. He is also an in-house SDL trainer, having offered hands-on courses totaling in more than 300 hours. He is also the author of Hands-on Security in DevOps, and a co-author of several Open Web Application Security Project (OWASP) projects, including the OWASP testing guide, a proactive control guide, deserialization, cryptographic, and the XXE prevention cheatsheet.

See other products by Hsu

Other recommended products

Related to this chapter

Practical Security Automation and Testing

Practical Security Automation and Testing

Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.

Feb 2019 8h 32m

Practical Cyber Intelligence

Practical Cyber Intelligence

Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.

Mar 2018 10h 44m

CISSP (ISC)² Certification Practice Exams and Tests

CISSP (ISC)² Certification Practice Exams and Tests

With over 1000 practice questions, explanations of all 8 domains, and 2 full exams, this book is a fantastic exam prep solution. Take the CISSP exam (version May 2021) confidently with the help of mock questions and detailed solutions and validate your skills with the CISSP (ISC)2 certification.

Sep 2021 13h 12m

Information Security Handbook

Information Security Handbook

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book covers the concept of information security, and shows you why it's important.

Dec 2017 11h 0m

IoT Penetration Testing Cookbook

IoT Penetration Testing Cookbook

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices. You will learn how to identify vulnerabilities in IoT device architecture and firmware using software and hardware pentesting techniques, and you'll also focus on various IoT exploitation techniques and security automation.

Nov 2017 15h 4m

Security Automation with Ansible 2

Security Automation with Ansible 2

Security automation is one of the most interesting skills to have nowadays. With over 750 automation modules, Ansible makes it easy for you to secure any part of your system—be it setting firewalls, providing authentication to users and groups, or setting custom security policies. It allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat.

Dec 2017 12h 8m

Network Vulnerability Assessment

Network Vulnerability Assessment

Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.

Aug 2018 8h 28m

Practical Industrial Internet of Things Security

Practical Industrial Internet of Things Security

This book provides you with a comprehensive understanding of Industrial IoT security; and practical methodologies to implement safe, resilient cyber-physical systems. It will help you develop a strong foundation and deeper insights on the entire gamut of securing connected industries, from the edge to the cloud.

Jul 2018 10h 48m

Infosec Strategies and Best Practices

Infosec Strategies and Best Practices

Information security strategies and best practices help in filling the gap that exists between theory and reality. The book starts by showing you how to implement risk management and governance structures into your organization and goes on to cover the best methods for operationalizing your information security strategy.

Cloud Security Automation

Cloud Security Automation

In the current market, enterprise organizations are moving rapidly towards the cloud infrastructure because of its flexibility and cost effectiveness. Hence, it has become extremely important to have a security framework in place. Automating security functions will play a key role when it comes to cloud governance. This book supplies best security practices for locking down your public and private cloud.

Mar 2018 11h 8m

Practical Internet of Things Security

Practical Internet of Things Security

This book will take you on a journey that begins with understanding the IoT and how it can be applied in various industries, goes on to describe the security challenges associated with the IoT, and then provides a set of guidelines to architecting and deploying a secure IoT in your enterprise. The book showcases how the IoT is implemented in early-adopting industries and describes how lessons can be learned and shared across diverse industries to support a secure IoT.

Nov 2018 12h 44m

Incident Response in the Age of Cloud

Incident Response in the Age of Cloud

This book is a comprehensive guide for organizations on how to prepare for cyber-attacks and control cyber threats and network security breaches in a way that decreases damage, recovery time, and costs, facilitating the adaptation of existing strategies to cloud-based environments.

Feb 2021 20h 44m

Personalised recommendations for you

Based on your interests and search pattern

Mastering PowerShell Scripting

Mastering PowerShell Scripting

PowerShell scripts provides a convenient method for automating tasks, using them proficiently can be challenging. This all-inclusive guide begins at the basics and covers advanced concepts, equipping you with tips to become an expert in PowerShell Core 7.3 scripting.

May 2024 27h 32m

Network Automation with Nautobot

Network Automation with Nautobot

This book will help you understand why a network source of truth is needed for long-term network automation success, which will in turn save you hundreds of hours in deploying and integrating Nautobot into network automation.

May 2024 27h 12m

NGINX HTTP Server

NGINX HTTP Server

Explore the power of NGINX with this guide covering an array of essential practical topics, including securing your infrastructure with automatic TLS certificates, placing NGINX in front of your existing applications, and much more.

May 2024 8h 44m

Mastering Azure Virtual Desktop

Mastering Azure Virtual Desktop

This updated edition will help you plan an Azure Virtual Desktop Architecture, implement its infrastructure, and manage its access and security. With content aligned with the exam objectives, it'll help you ace the Microsoft AZ-140 exam.

Jul 2024 23h 56m

Learn Ansible will teach you how to write Ansible Playbooks for deploying simple apps. This updated edition covers the latest Ansible features, helping you confidently implement Ansible in your daily workflows.

May 2024 13h 48m

HashiCorp Terraform Associate (003) Exam Guide

HashiCorp Terraform Associate (003) Exam Guide

This book will help you explore HashiCorp Terraform and prepare for Associate (003) certification, from understanding core concepts to advanced modules. You'll gain hands-on expertise, troubleshoot with confidence, and more.

May 2024 11h 28m

Kubernetes – An Enterprise Guide

Kubernetes – An Enterprise Guide

Navigate the complexities of Kubernetes and fully leverage its capabilities for enterprise applications. This edition dives into advanced deployments, groundbreaking techniques, and insights that will elevate your skills and redefine your expertise.

Aug 2024 22h 44m

Atlassian DevOps Toolchain Cookbook

Atlassian DevOps Toolchain Cookbook

Master setting up a DevOps toolchain using Atlassian tools and Open DevOps as a framework with this recipe-driven guide to automated testing, integration, deployment, observability, and incident management for streamlining development processes.

Jul 2024 16h 48m

AWS Certified Developer Associate Certification and Beyond

AWS Certified Developer Associate Certification and Beyond

This is your guide to passing the challenging AWS Certified Developer – Associate certification exam and setting yourself up for a rewarding career. Through a sample project, it explains how to design, architect, and implement applications on AWS.

Jul 2024 23h 40m

Implementing GitOps with Kubernetes

Implementing GitOps with Kubernetes

This book provides step-by-step tutorials and hands-on examples for effectively implementing GitOps practices in your Kubernetes deployments. You'll learn how to automate, monitor, and secure your infrastructure for efficient application delivery.

Aug 2024 14h 48m