Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps

Packt Publishing Ltd
Free sample

Protect your organization's security at all levels by introducing the latest strategies for securing DevOpsKey Features
  • Integrate security at each layer of the DevOps pipeline
  • Discover security practices to protect your cloud services by detecting fraud and intrusion
  • Explore solutions to infrastructure security using DevOps principles
Book Description

DevOps has provided speed and quality benefits with continuous development and deployment methods, but it does not guarantee the security of an entire organization. Hands-On Security in DevOps shows you how to adopt DevOps techniques to continuously improve your organization’s security at every level, rather than just focusing on protecting your infrastructure.

This guide combines DevOps and security to help you to protect cloud services, and teaches you how to use techniques to integrate security directly in your product. You will learn how to implement security at every layer, such as for the web application, cloud infrastructure, communication, and the delivery pipeline layers. With the help of practical examples, you’ll explore the core security aspects, such as blocking attacks, fraud detection, cloud forensics, and incident response. In the concluding chapters, you will cover topics on extending DevOps security, such as risk assessment, threat modeling, and continuous security.

By the end of this book, you will be well-versed in implementing security in all layers of your organization and be confident in monitoring and blocking attacks throughout your cloud services.

What you will learn
  • Understand DevSecOps culture and organization
  • Learn security requirements, management, and metrics
  • Secure your architecture design by looking at threat modeling, coding tools and practices
  • Handle most common security issues and explore black and white-box testing tools and practices
  • Work with security monitoring toolkits and online fraud detection rules
  • Explore GDPR and PII handling case studies to understand the DevSecOps lifecycle
Who this book is for

Hands-On Security in DevOps is for system administrators, security consultants, and DevOps engineers who want to secure their entire organization. Basic understanding of Cloud computing, automation frameworks, and programming is necessary.

Read more

About the author

Tony Hsu is a senior security architect with over 20 years of experience in security services technology. He has rich experience with Secure Software Development LifeCycle (SSDLC), is deeply involved with security activities such as security requirements planning, threat modeling, secure architecture and design review, secure code review, automated security testing, and cloud services security monitoring. He is also in-house SDL trainer. He is also a co contributor on OWASP projects such as OWASP testing guide, proactive control guide, and deserialization security cheatsheet.
Read more

Additional Information

Packt Publishing Ltd
Read more
Published on
Jul 30, 2018
Read more
Read more
Read more
Read more
Read more
Read more
Business & Economics / Operations Research
Computers / Enterprise Applications / Business Intelligence Tools
Computers / Enterprise Applications / General
Computers / Networking / General
Computers / Security / Networking
Computers / System Administration / General
Read more
Content Protection
This content is DRM free.
Read more
Read Aloud
Available on Android devices
Read more

Reading information

Smartphones and Tablets

Install the Google Play Books app for Android and iPad/iPhone. It syncs automatically with your account and allows you to read online or offline wherever you are.

Laptops and Computers

You can read books purchased on Google Play using your computer's web browser.

eReaders and other devices

To read on e-ink devices like the Sony eReader or Barnes & Noble Nook, you'll need to download a file and transfer it to your device. Please follow the detailed Help center instructions to transfer the files to supported eReaders.
Implement DevOps for Salesforce and explore its featuresKey FeaturesLearn DevOps principles and techniques for enterprise operations in SalesforceImplement Continuous Integration and Continuous Delivery using tools such as Jenkins and Ant scriptUse the Force.com Migration Tool and Git to achieve versioning in SalesforceBook Description

Salesforce is one of the top CRM tools used these days, and with its immense functionalities and features, it eases the functioning of an enterprise in various areas of sales, marketing, and finance, among others. Deploying Salesforce applications is a tricky event, and it can get quite taxing for admins and consultants. This book addresses all the problems that you might encounter while trying to deploy your applications and shows you how to resort to DevOps to take these challenges head on.

Beginning with an overview of the development and delivery process of a Salesforce app, DevOps for Salesforce covers various types of sandboxing and helps you understand when to choose which type. You will then see how different it is to deploy with Salesforce as compared to deploying with another app. You will learn how to leverage a migration tool and automate deployment using the latest and most popular tools in the ecosystem. This book explores topics such as version control and DevOps techniques such as Continuous Integration, Continuous Delivery, and testing. Finally, the book will conclude by showing you how to track bugs in your application changes using monitoring tools and how to quantify your productivity and ROI.

By the end of the book, you will have acquired skills to create, test, and effectively deploy your applications by leveraging the features of DevOps.

What you will learnImplement DevOps for Salesforce and understand the benefits it offersAbstract the features of Force.com MigrationTool to migrate and retrieve metadataDevelop your own CI/CD Pipeline for Salesforce projectUse Qualitia to perform scriptless automation for Continuous TestingTrack application changes using BugzillaApply Salesforce best practices to implement DevOpsWho this book is for

If you are a Salesforce developer, consultant, or manager who wants to learn DevOps tools and set up pipelines for small as well as large Salesforce projects, this book is for you.

Transform machine-generated data into valuable business insights using the powers of SplunkKey FeaturesExplore the all-new machine learning toolkit in Splunk 7.xTackle any problems related to searching and analyzing your data with SplunkGet the latest information and business insights on Splunk 7.xBook Description

Splunk makes it easy for you to take control of your data and drive your business with the cutting edge of operational intelligence and business analytics. Through this Learning Path, you'll implement new services and utilize them to quickly and efficiently process machine-generated big data.

You'll begin with an introduction to the new features, improvements, and offerings of Splunk 7. You'll learn to efficiently use wildcards and modify your search to make it faster. You'll learn how to enhance your applications by using XML dashboards and configuring and extending Splunk. You'll also find step-by-step demonstrations that'll walk you through building an operational intelligence application. As you progress, you'll explore data models and pivots to extend your intelligence capabilities.

By the end of this Learning Path, you'll have the skills and confidence to implement various Splunk services in your projects.

This Learning Path includes content from the following Packt products:

Implementing Splunk 7 - Third Edition by James MillerSplunk Operational Intelligence Cookbook - Third Edition by Paul R Johnson, Josh Diakun, et alWhat you will learnMaster the new offerings in Splunk: Splunk Cloud and the Machine Learning ToolkitCreate efficient and effective searchesMaster the use of Splunk tables, charts, and graph enhancementsUse Splunk data models and pivots with faster data model accelerationMaster all aspects of Splunk XML dashboards with hands-on applicationsApply ML algorithms for forecasting and anomaly detectionIntegrate advanced JavaScript charts and leverage Splunk's APIWho this book is for

This Learning Path is for data analysts, business analysts, and IT administrators who want to leverage the Splunk enterprise platform as a valuable operational intelligence tool. Existing Splunk users who want to upgrade and get up and running with Splunk 7.x will also find this book useful. Some knowledge of Splunk services will help you get the most out of this Learning Path.

Learn to distribute network traffic, optimize application delivery, and defend network-level threats.Key FeaturesQuickly get up and running with Azure networking solutionsLevel-up your cloud networking skills by planning, implementing, configuring, and securing your infrastructure network with AzureLeverage Azure networking services to provide applications highly available and fault tolerant environment Book Description

Microsoft provides organizations with an effective way of managing their network with Azure's networking services. No matter the size of your organization, Azure provides a way to highly reliable performance and secure connectivity with its networking services.

The book starts with an introduction to the Azure networking like creating Azure virtual networks, designing address spaces and subnets. Then you will learn to create and manage network security groups, application security groups, and IP addresses in Azure. Gradually, we move on to various aspects like S2S, P2S, and Vnet2Vnet connections, DNS and routing, load balancers and traffic manager. This book will cover every aspect and function required to deliver practical recipes to help readers learn from basic cloud networking practices to planning, implementing, and securing their infrastructure network with Azure. Readers will not only be able to upscale their current environment but will also learn to monitor, diagnose, and ensure secure connectivity. After learning to deliver a robust environment readers will also gain meaningful insights from recipes on best practices.

By the end of this book, readers will gain hands-on experience in providing cost-effective solutions that benefit organizations.

What you will learnLearn to create Azure networking servicesUnderstand how to create and work on hybrid connectionsConfigure and manage Azure network servicesLearn ways to design high availability network solutions in AzureDiscover how to monitor and troubleshoot Azure network resourcesLearn different methods of connecting local networks to Azure virtual networksWho this book is for

This book is targeted towards cloud architects, cloud solution providers, or any stakeholders dealing with networking on the Azure cloud. Some prior understanding of Microsoft Azure will be a plus point.

Your one stop guide to automating infrastructure security using DevOps and DevSecOpsKey FeaturesSecure and automate techniques to protect web, mobile or cloud servicesAutomate secure code inspection in C++, Java, Python, and JavaScriptIntegrate security testing with automation frameworks like fuzz, BDD, Selenium and Robot FrameworkBook Description

Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.

This book will teach you to adopt security automation techniques to continuously improve your entire software development and security testing. You will learn to use open source tools and techniques to integrate security testing tools directly into your CI/CD framework. With this book, you will see how to implement security inspection at every layer, such as secure code inspection, fuzz testing, Rest API, privacy, infrastructure security, and web UI testing.

With the help of practical examples, this book will teach you to implement the combination of automation and Security in DevOps. You will learn about the integration of security testing results for an overall security status for projects.

By the end of this book, you will be confident implementing automation security in all layers of your software development stages and will be able to build your own in-house security automation platform throughout your mobile and cloud releases.

What you will learnAutomate secure code inspection with open source tools and effective secure code scanning suggestionsApply security testing tools and automation frameworks to identify security vulnerabilities in web, mobile and cloud servicesIntegrate security testing tools such as OWASP ZAP, NMAP, SSLyze, SQLMap, and OpenSCAPImplement automation testing techniques with Selenium, JMeter, Robot Framework, Gauntlt, BDD, DDT, and Python unittestExecute security testing of a Rest API Implement web application security with open source tools and script templates for CI/CD integrationIntegrate various types of security testing tool results from a single project into one dashboardWho this book is for

The book is for software developers, architects, testers and QA engineers who are looking to leverage automated security testing techniques.

©2019 GoogleSite Terms of ServicePrivacyDevelopersArtistsAbout Google|Location: United StatesLanguage: English (United States)
By purchasing this item, you are transacting with Google Payments and agreeing to the Google Payments Terms of Service and Privacy Notice.