DevSecOps for .NET core : securing modern software applications /

Automate core security tasks by embedding security controls and processes early in the DevOps workflow through DevSecOps. You will not only learn the various stages in the DevOps pipeline through examples of solutions developed and deployed using .NET Core, but also go through open source SDKs and t...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Zeeshan, Afzaal Ahmad (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Berkeley, CA : Apress L.P., 2020.
Temas:
Computer security.
Computer Security
Sécurité informatique.
Microsoft programming.
Computers > Security > General.
Computers > Programming > Microsoft Programming.
Computer security
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Intro
  • Table of Contents
  • About the Author
  • About the Technical Reviewer
  • Acknowledgments
  • Introduction
  • Chapter 1: Modern Software Engineering
  • Software Design
  • Solutions on the Internet
  • Multicultural Customers
  • The Ever-Changing Market
  • Security and Compliance Requirements
  • Prerequisites
  • What to Expect in This Book
  • What Not to Expect in This Book
  • Chapter 2: DevOps with Security
  • The DevOps Cycle
  • Adding Security
  • Sec: Security, Performance, and Productivity
  • Simple .NET Core App
  • Manual Builds
  • Basic Testing and QA
  • Code-Analysis Services
  • StyleCops. Analyzers
  • Codacy Overview
  • ASP.NET Core Sample
  • HTTPS vs. SSH
  • GitHub
  • GitLab
  • Azure DevOps
  • Summary
  • Chapter 3: Writing Secure Apps
  • Write Less, Write Secure
  • SAST, DAST, IAST, and RASP
  • Developer Training
  • Analyzers for Secure Code
  • Runtime Selection and Configuration
  • Code Smells, Bugs, Performance Issues and Naive Errors
  • Vulnerabilities in Web Apps
  • Fixing Injection and Scripting Attacks
  • Scripting Problems: XSS, Token Forgery, and Session Hijacks
  • Automated Tests
  • Microservices: Separation of Concerns
  • N-Tier Products with Hidden Databases
  • Corporate Applications
  • Increasing Scalability
  • Communication in Services
  • TCP
  • HTTP/2, gRPC, and Beyond
  • gRPC Sample
  • Using Secure Cryptographic Methods
  • MD5 and SHA1 for File Hashes
  • Apply SSL Across Domain
  • Summary
  • Chapter 4: Automating Everything as Code
  • Version Control and Audit
  • Centralized Version Control Systems
  • Distributed Version Control Systems
  • GitOps
  • Hosted Code Storage
  • Infrastructure as Code (IaC)
  • Azure Resource Manager as an IaC Toolkit
  • Ansible, Terraform, and More
  • Automating Code Building and Deployment
  • Creating Build Pipelines
  • Utilizing a Bug Database
  • Compliance and Policies
  • Risk and Bugs Analysis
  • Feature Flags
  • Summary
  • Chapter 5: Securing Build Systems for DevOps
  • On-Premises vs. Hosted CI/CD
  • Jenkins Overview
  • Azure VSTS (Azure DevOps Server)
  • GitLab Auto DevOps and GitHub Actions
  • Securing Logs
  • Artifact Publishing, Caching, and Hashing
  • Docker Containers for Build Environments
  • Automated Deployments
  • Summary
  • Chapter 6: Automating Production Environments for Quality
  • Host Platforms
  • Docker and Containers
  • Network Security
  • Web Firewalls
  • DDoS
  • SSL and Encryption
  • API Management
  • Configuration and Credentials
  • Mobile Applications
  • Secure Vaults
  • System Failure and Post-Mortems
  • Infrastructure Rollbacks
  • Summary
  • Chapter 7: Compliance and Security
  • Auditing
  • Data Privacy and Control
  • DevOps Audit Defense Toolkit
  • Automated Issue Tracking
  • Summary
  • Index

Ejemplares similares