Cargando…

Hands-on security in DevOps : ensure continuous security, deployment, and delivery with DevSecOps /

Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organiza...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Hsu, Tony (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Birmingham, UK : Packt Publishing, 2018.
Temas:
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: DevSecOps Drivers and Challenges; Security compliance; ISO 27001; Cloud Security Alliance (CSA); Federal Information Processing Standards (FIPS); Center for Internet Security (CIS) and OpenSCAP
  • securing your infrastructure; National Checklist Program (NCP) repository; OpenSCAP tools; Legal and security compliance; New technology (third-party, cloud, containers, and virtualization); Virtualization; Dockers; Infrastructure as Code (IaC); Cloud services hacks/abuse
  • Case study
  • products on saleWhat do hackers do?; Rapid release; Summary; Questions; Further reading; Chapter 2: Security Goals and Metrics; Organization goal; Strategy and metrics; Policy and compliance; Education and guidance; Development goal/metrics; Threat assessment; Threat assessment for GDPR; Deliverables and development team self-assessment; Security requirements; QA goal/metrics; Design review; Implementation review; Third-party components; IDE-plugin code review; Static code review; Target code review; Security testing; Operation goal/metrics; Issue management
  • Environment HardeningSecure configuration baseline; Constant monitoring mechanism; Operational enablement; Code signing for application deployment; Application communication ports matrix; Application configurations; Summary; Questions; Further reading; Chapter 3: Security Assurance Program and Organization; Security assurance program; SDL (Security Development Lifecycle); OWASP SAMM; Security guidelines and processes; Security growth with business; Stage 1
  • basic security control; Stage 2
  • building a security testing team; Stage 3
  • SDL activities; Stage 4
  • self-build security services
  • Stage 5
  • big data security analysis and automationRole of a security team in an organization; Security office under a CTO; Dedicated security team; Case study
  • a matrix, functional, or taskforce structure; Security resource pool; Security technical committee (taskforce); Summary; Questions; Further reading; Chapter 4: Security Requirements and Compliance; Security requirements for the release gate; Release gate examples; Common Vulnerability Scoring System (CVSS); Security requirements for web applications; OWASP Application Security Verification Standard (ASVS); Security knowledge portal
  • Security requirements for big dataBig data security requirements; Big data technical security frameworks; Privacy requirements for GDPR; Privacy Impact Assessment (PIA); Privacy data attributes; Example of a data flow assessment; GDPR security requirements for data processor and controller; Summary; Questions; Further reading; Chapter 5: Case Study
  • Security Assurance Program; Security assurance program case study; Microsoft SDL and SAMM; Security training and awareness; Security culture; Web security frameworks; Baking security into DevOps; Summary; Questions; Further reading