Hands-On Security in DevOps
eBook - ePub

Hands-On Security in DevOps

Ensure continuous security, deployment, and delivery with DevSecOps

  1. 356 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Hands-On Security in DevOps

Ensure continuous security, deployment, and delivery with DevSecOps

About this book

Protect your organization's security at all levels by introducing the latest strategies for securing DevOps

Key Features

  • Integrate security at each layer of the DevOps pipeline
  • Discover security practices to protect your cloud services by detecting fraud and intrusion
  • Explore solutions to infrastructure security using DevOps principles

Book Description

DevOps has provided speed and quality benefits with continuous development and deployment methods, but it does not guarantee the security of an entire organization. Hands-On Security in DevOps shows you how to adopt DevOps techniques to continuously improve your organization's security at every level, rather than just focusing on protecting your infrastructure.

This guide combines DevOps and security to help you to protect cloud services, and teaches you how to use techniques to integrate security directly in your product. You will learn how to implement security at every layer, such as for the web application, cloud infrastructure, communication, and the delivery pipeline layers. With the help of practical examples, you'll explore the core security aspects, such as blocking attacks, fraud detection, cloud forensics, and incident response. In the concluding chapters, you will cover topics on extending DevOps security, such as risk assessment, threat modeling, and continuous security.

By the end of this book, you will be well-versed in implementing security in all layers of your organization and be confident in monitoring and blocking attacks throughout your cloud services.

What you will learn

  • Understand DevSecOps culture and organization
  • Learn security requirements, management, and metrics
  • Secure your architecture design by looking at threat modeling, coding tools and practices
  • Handle most common security issues and explore black and white-box testing tools and practices
  • Work with security monitoring toolkits and online fraud detection rules
  • Explore GDPR and PII handling case studies to understand the DevSecOps lifecycle

Who this book is for

Hands-On Security in DevOps is for system administrators, security consultants, and DevOps engineers who want to secure their entire organization. Basic understanding of Cloud computing, automation frameworks, and programming is necessary.

Tools to learn more effectively

Saving Books

Saving Books

Keyword Search

Keyword Search

Annotating Text

Annotating Text

Listen to it instead

Listen to it instead

Information

Publisher
Packt Publishing
Year
2018
Print ISBN
9781788995504
eBook ISBN
9781788992411
Edition
1
Topic
Computer Science
Subtopic
Business Intelligence
Index
Computer Science

DevSecOps - Challenges, Tips, and FAQs

The adoption of DevSecOps is a continuous learning process and takes a lot of stakeholder involvement, process optimization, business priority conflicts, and customization of security tools, as well as a security knowledge learning curve. The intention of this chapter is to give you some hands-on tips, challenges, and FAQs based on a functional roles perspective.
We will cover the following topics in this chapter:
  • DevSecOps FAQs for security management
  • DevSecOps FAQs for the development team
  • DevSecOps FAQs for the testing team
  • DevSecOps FAQs for the operations team

DevSecOps for security management

Q: Are there any suggested industry best practices for secure development and deployment in DevOps?
The OWASP SAMM (Software Assurance Maturity Model), Microsoft Security Development Lifecycle (SDL) and the SafeCode provide practical security practices for the DevOps or agile development.
  • OWASP SAMM: https://github.com/OWASP/samm
  • Microsoft SDL for Agile: https://www.microsoft.com/en-us/SDL/Discover/sdlagile.aspx
  • SafeCode: https://safecode.org/publications/
Q: What are the security risks of a cloud service?
The CSA has defined the top threats to cloud computing on their website (https://cloudsecurityalliance.org/group/top-threats/), which are listed as follows:
  • Data Breaches
  • Insufficient identity, credential, and access management
  • Insecure interfaces and APIs
  • System vulnerabilities
  • Account hijacking
  • Malicious insiders
  • Advanced persistent threats
  • Data loss
  • Insufficient due diligence
  • Abuse and nefarious use of cloud services
  • Denial of service
  • Shared technology vulnerabilities
Q: What are the security requirements in terms of GDPR compliance?
The following table lists the GDPR security requirements for a software/service of the data processor and data controller:
GDPR requirements
Data processor
Data controller
Provide a data privacy declaration
Must
Must
Data collection requires a user's explicit consent to allow data collection and also to allow the user to disable the data collection
Must
Must
For the purposes of error troubleshooting, the user must be informed whether the collection of logs includes personal information
Must
Must
The collection of a user's cookies requires the user's consent.
Refer to https://www.cookielaw.org/the-cookie-law/ for more details.
Must
Must
If the data is collected for marketing analysis purposes, the application must allow users to disable the analysis
Recommended
Must
Provide the ability to remove data securely after the data expires
Must
Must
If the data will be provided to third-party partners, it must have the user's explicit consent
Recommended
Must
Provide the ability for the user to query and update the data
Recommended
Must
Delete any temporary data that is no longer in use
Recommended
Must
Provide the ability to export the data
Recommended
Must
Secure data transmission
Must
Must
Secure local data storage with encryption, access control, and logging security controls
Must
Must

DevSecOps for the development team

Q: What are the recommended security architecture patterns?
  • Open Security Architecture Patterns: http://www.opensecurityarchitecture.org/cms/library/patternlandscape
  • Security and privacy reference a...

Table of contents

  1. Title Page
  2. Copyright and Credits
  3. Packt Upsell
  4. Contributors
  5. Preface
  6. DevSecOps Drivers and Challenges
  7. Security Goals and Metrics
  8. Security Assurance Program and Organization
  9. Security Requirements and Compliance
  10. Case Study - Security Assurance Program
  11. Security Architecture and Design Principles
  12. Threat Modeling Practices and Secure Design
  13. Secure Coding Best Practices
  14. Case Study - Security and Privacy by Design
  15. Security-Testing Plan and Practices
  16. Whitebox Testing Tips
  17. Security Testing Toolkits
  18. Security Automation with the CI Pipeline
  19. Incident Response
  20. Security Monitoring
  21. Security Assessment for New Releases
  22. Threat Inspection and Intelligence
  23. Business Fraud and Service Abuses
  24. GDPR Compliance Case Study
  25. DevSecOps - Challenges, Tips, and FAQs
  26. Assessments
  27. Other Books You May Enjoy

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Hands-On Security in DevOps by Tony Hsu in PDF and/or ePUB format, as well as other popular books in Computer Science & Business Intelligence. We have over one million books available in our catalogue for you to explore.