
Cloud Native Software Security Handbook: Unleash the Power of Cloud Native Tools for Robust Security in Modern Applications

Bibliographic Details
Classification: Electronic Book
Main author: Shah, Mihir (Author)
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, Limited, 2023.
Subjects:
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Understanding Cloud Native Technology and Security
  • Chapter 1: Foundations of Cloud Native
  • Understanding the cloud-native world
  • Why consider using cloud-native architecture?
  • Cloud models
  • Approach to thinking cloud-native
  • Components of a cloud-native system
  • Orchestration
  • Monitoring
  • Logging and tracing
  • Container registries
  • Service meshes
  • Security
  • Summary
  • Quiz
  • Further readings
  • Chapter 2: Cloud Native Systems Security Management
  • Technical requirements
  • Secure configuration management
  • Using OPA for secure configuration management
  • Requiring encryption for all confidential data
  • Restricting access to sensitive resources
  • Enforcing resource limits
  • Secure image management
  • Why care about image security?
  • Best practices for secure image management
  • Clair
  • Harbor
  • Creating an HTTPS connection for the repository
  • Scanning for vulnerabilities in images
  • Summary
  • Quiz
  • Further readings
  • Chapter 3: Cloud Native Application Security
  • Technical requirements
  • Overview of cloud-native application development
  • Differences between traditional and cloud-native app development
  • The DevOps model
  • Cloud-native architecture and DevOps
  • Introduction to application security
  • Overview of different security threats and attacks
  • Integrating security into the development process
  • OWASP Top 10 for cloud native
  • Not shift-left
  • Security and development trade-off
  • Supplemental security components
  • OWASP ASVS
  • Secrets management
  • How to create secrets in Vault
  • Summary
  • Quiz
  • Further reading
  • Part 2: Implementing Security in Cloud Native Environments
  • Chapter 4: Building an AppSec Culture
  • Technical requirements
  • Overview of building an AppSec program
  • Understanding your security needs
  • Identifying threats and risks in cloud-native environments
  • Bug bounty
  • Evaluating compliance requirements and regulations
  • Building an effective AppSec program for cloud-native
  • Security tools for software in development
  • Threat modeling
  • Providing security training and awareness to all stakeholders
  • Developing policies and procedures
  • Incident response and disaster recovery
  • Cloud security policy
  • Identity and access management policies
  • Continuous monitoring and improvement
  • Summary
  • Quiz
  • Further readings
  • Chapter 5: Threat Modeling for Cloud Native
  • Technical requirements
  • Developing an approach to threat modeling
  • An overview of threat modeling for cloud native
  • Integrating threat modeling into Agile and DevOps processes
  • Developing a threat matrix
  • Cultivating critical thinking and risk assessment
  • Fostering a critical thinking mindset
  • Developing risk assessment skills
  • Threat modeling frameworks
  • STRIDE
  • PASTA
  • LINDDUN