Hands-on security in DevOps : ensure continuous security, deployment, and delivery with DevSecOps /
Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organiza...
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham, UK : Packt Publishing, 2018. |
Subjects: | |
Online access: | Full text Full text |
MARC
LEADER | 00000cam a2200000Ii 4500 | ||
---|---|---|---|
001 | EBSCO_on1050953457 | ||
003 | OCoLC | ||
005 | 20231017213018.0 | ||
006 | m o d | ||
007 | cr unu|||||||| | ||
008 | 180906s2018 enka ob 000 0 eng d | ||
040 | |a UMI |b eng |e rda |e pn |c UMI |d N$T |d OCLCF |d STF |d TEFOD |d CEF |d G3B |d EBLCP |d MERUC |d UAB |d UKAHL |d OCLCQ |d UX1 |d K6U |d NLW |d OCLCO |d OCLCQ | ||
019 | |a 1175622495 | ||
020 | |a 9781788992411 |q (electronic bk.) | ||
020 | |a 1788992415 |q (electronic bk.) | ||
020 | |z 9781788995504 | ||
020 | |a 1788995503 |q (Trade Paper) | ||
020 | |a 9781788995504 | ||
024 | 3 | |a 9781788995504 | |
029 | 1 | |a AU@ |b 000065529929 | |
035 | |a (OCoLC)1050953457 |z (OCoLC)1175622495 | ||
037 | |a CL0500000989 |b Safari Books Online | ||
037 | |a 99ECEB87-6778-4575-9D7E-C4E6F8CE644F |b OverDrive, Inc. |n http://www.overdrive.com | ||
050 | 4 | |a HD30.2 | |
072 | 7 | |a COM |x 053000 |2 bisacsh | |
082 | 0 | 4 | |a 005.8 |2 23 |
049 | |a UAMI | ||
100 | 1 | |a Hsu, Tony, |e author. | |
245 | 1 | 0 | |a Hands-on security in DevOps : |b ensure continuous security, deployment, and delivery with DevSecOps / |c Tony Hsu. |
246 | 3 | |a Hands-on security in Development Operations | |
264 | 1 | |a Birmingham, UK : |b Packt Publishing, |c 2018. | |
300 | |a 1 online resource (1 volume) : |b illustrations | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
588 | 0 | |a Online resource; title from title page (Safari, viewed August 29, 2018). | |
504 | |a Includes bibliographical references. | ||
505 | 0 | |a Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: DevSecOps Drivers and Challenges; Security compliance; ISO 27001; Cloud Security Alliance (CSA); Federal Information Processing Standards (FIPS); Center for Internet Security (CIS) and OpenSCAP -- securing your infrastructure; National Checklist Program (NCP) repository; OpenSCAP tools; Legal and security compliance; New technology (third-party, cloud, containers, and virtualization); Virtualization; Dockers; Infrastructure as Code (IaC); Cloud services hacks/abuse | |
505 | 8 | |a Case study -- products on saleWhat do hackers do?; Rapid release; Summary; Questions; Further reading; Chapter 2: Security Goals and Metrics; Organization goal; Strategy and metrics; Policy and compliance; Education and guidance; Development goal/metrics; Threat assessment; Threat assessment for GDPR; Deliverables and development team self-assessment; Security requirements; QA goal/metrics; Design review; Implementation review; Third-party components; IDE-plugin code review; Static code review; Target code review; Security testing; Operation goal/metrics; Issue management | |
505 | 8 | |a Environment HardeningSecure configuration baseline; Constant monitoring mechanism; Operational enablement; Code signing for application deployment; Application communication ports matrix; Application configurations; Summary; Questions; Further reading; Chapter 3: Security Assurance Program and Organization; Security assurance program; SDL (Security Development Lifecycle); OWASP SAMM; Security guidelines and processes; Security growth with business; Stage 1 -- basic security control; Stage 2 -- building a security testing team; Stage 3 -- SDL activities; Stage 4 -- self-build security services | |
505 | 8 | |a Stage 5 -- big data security analysis and automationRole of a security team in an organization; Security office under a CTO; Dedicated security team; Case study -- a matrix, functional, or taskforce structure; Security resource pool; Security technical committee (taskforce); Summary; Questions; Further reading; Chapter 4: Security Requirements and Compliance; Security requirements for the release gate; Release gate examples; Common Vulnerability Scoring System (CVSS); Security requirements for web applications; OWASP Application Security Verification Standard (ASVS); Security knowledge portal | |
505 | 8 | |a Security requirements for big dataBig data security requirements; Big data technical security frameworks; Privacy requirements for GDPR; Privacy Impact Assessment (PIA); Privacy data attributes; Example of a data flow assessment; GDPR security requirements for data processor and controller; Summary; Questions; Further reading; Chapter 5: Case Study -- Security Assurance Program; Security assurance program case study; Microsoft SDL and SAMM; Security training and awareness; Security culture; Web security frameworks; Baking security into DevOps; Summary; Questions; Further reading | |
520 | |a Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training. | ||
590 | |a eBooks on EBSCOhost |b EBSCO eBook Subscription Academic Collection - Worldwide | ||
590 | |a O'Reilly |b O'Reilly Online Learning: Academic/Public Library Edition | ||
650 | 0 | |a Information technology |x Management. | |
650 | 0 | |a Computer networks |x Security measures. | |
650 | 0 | |a Computer networks |x Access control. | |
650 | 6 | |a Technologie de l'information |x Gestion. | |
650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures. | |
650 | 7 | |a Operational research. |2 bicssc | |
650 | 7 | |a Enterprise software. |2 bicssc | |
650 | 7 | |a Computer networking & communications. |2 bicssc | |
650 | 7 | |a Network security. |2 bicssc | |
650 | 7 | |a COMPUTERS |x Security |x General. |2 bisacsh | |
650 | 7 | |a Computer networks |x Access control. |2 fast |0 (OCoLC)fst00872298 | |
650 | 7 | |a Computer networks |x Security measures. |2 fast |0 (OCoLC)fst00872341 | |
650 | 7 | |a Information technology |x Management. |2 fast |0 (OCoLC)fst00973112 | |
856 | 4 | 0 | |u https://ebsco.uam.elogim.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1860846 |z Texto completo |
856 | 4 | 0 | |u https://learning.oreilly.com/library/view/~/9781788995504/?ar |z Texto completo |
938 | |a Askews and Holts Library Services |b ASKH |n BDZ0037628260 | ||
938 | |a ProQuest Ebook Central |b EBLB |n EBL5520885 | ||
938 | |a EBSCOhost |b EBSC |n 1860846 | ||
994 | |a 92 |b IZTAP |