Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps

Protect your organization's security at all levels by introducing the latest strategies for secured DevOps

Key Features

• Integrate security at every layer of the DevOps pipeline.
• Discover security practices to protect your cloud services by detecting fraud and intrusion
• Practical solutions to infrastructure security using DevOps principles

Book Description

DevOps has brought speed and quality benefits with continuous development and deployment methods but it does not ensure entire organisation's security.

This book will show you how to adopt DevOps techniques to continuously improve your entire organisation's security at every level and not just focus on protecting your infrastructure.This book aims at combining DevOps and security to protect Cloud services. This practical guide will teach you to use techniques to integrate security directly in to your product. This book will also show you how to implement security at every layer like, web application, cloud infrastructure, communication, and delivery pipeline. With the help of practical examples this book will teach you to implement the combination of DevOps and Security. Then, this book will dive deep into teaching you core security aspects like, blocking attacks, fraud detection, Cloud forensics and incident response. Later, this book will cover topics on extending DevOps security like risk assessment, threat modelling and continuous security.

By the end of this book, you will be well-versed with implementing security in all layers of your organisation and will also learn to monitor and block attacks throughout your cloud services.

What you will learn

• Understand DevSecOps challenge, culture, organization
• Learn Security requirements, management and metrics
• Secure architecture design, threat modeling secure coding tools/practices
• Top common security issue, black/white box review tools/practices into CI pipeline
• Work with Security monitoring toolkits, and online fraud detection rules advices
• Take GDPR/PII handling as case study to walk through the whole DevSecOps lifecycle

Who This Book Is For

If you are a system administrator, security consultant or DevOps engineer who are looking at securing your entire organization then this is the book for you. Basic understanding of Cloud computing, automation frameworks and programming skills would be necessary.

在所有層面上保護您的組織安全，引入最新的安全DevOps策略。

主要特點:
- 在DevOps流程的每一層面整合安全性。
- 通過檢測欺詐和入侵，發現保護雲服務的安全實踐。
- 使用DevOps原則實現基礎設施安全的實用解決方案。

書籍描述:
DevOps通過持續開發和部署方法帶來了速度和質量的好處，但並不能確保整個組織的安全性。

本書將向您展示如何採用DevOps技術，持續改進整個組織的安全性，而不僅僅關注保護基礎設施。本書旨在結合DevOps和安全性，以保護雲服務。這本實用指南將教您如何使用技術直接將安全性整合到產品中。本書還將向您展示如何在網絡應用程序、雲基礎設施、通信和交付流程等每一層面實施安全性。通過實際示例，本書將教您如何實施DevOps和安全性的結合。然後，本書將深入探討阻止攻擊、欺詐檢測、雲取證和事件響應等核心安全方面的教學。隨後，本書將涵蓋擴展DevOps安全性的主題，如風險評估、威脅建模和持續安全性。

通過閱讀本書，您將熟悉在組織的所有層面實施安全性，並學會在整個雲服務中監控和阻止攻擊。

您將學到什麼:
- 了解DevSecOps的挑戰、文化和組織。
- 學習安全需求、管理和指標。
- 安全架構設計、威脅建模、安全編碼工具/實踐。
- 將常見的安全問題、黑/白盒審查工具/實踐納入CI流程。
- 使用安全監控工具和在線欺詐檢測規則建議。
- 以GDPR/PII處理為案例研究，深入了解整個DevSecOps生命周期。

本書適合對整個組織的安全性感興趣的系統管理員、安全顧問或DevOps工程師。需要基本的雲計算、自動化框架和編程技能的基礎理解。