Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps
暫譯: 實作DevOps安全性：透過DevSecOps確保持續安全、部署與交付

Protect your organization's security at all levels by introducing the latest strategies for secured DevOps

Key Features

• Integrate security at every layer of the DevOps pipeline.
• Discover security practices to protect your cloud services by detecting fraud and intrusion
• Practical solutions to infrastructure security using DevOps principles

Book Description

DevOps has brought speed and quality benefits with continuous development and deployment methods but it does not ensure entire organisation's security.

This book will show you how to adopt DevOps techniques to continuously improve your entire organisation's security at every level and not just focus on protecting your infrastructure.This book aims at combining DevOps and security to protect Cloud services. This practical guide will teach you to use techniques to integrate security directly in to your product. This book will also show you how to implement security at every layer like, web application, cloud infrastructure, communication, and delivery pipeline. With the help of practical examples this book will teach you to implement the combination of DevOps and Security. Then, this book will dive deep into teaching you core security aspects like, blocking attacks, fraud detection, Cloud forensics and incident response. Later, this book will cover topics on extending DevOps security like risk assessment, threat modelling and continuous security.

By the end of this book, you will be well-versed with implementing security in all layers of your organisation and will also learn to monitor and block attacks throughout your cloud services.

What you will learn

• Understand DevSecOps challenge, culture, organization
• Learn Security requirements, management and metrics
• Secure architecture design, threat modeling secure coding tools/practices
• Top common security issue, black/white box review tools/practices into CI pipeline
• Work with Security monitoring toolkits, and online fraud detection rules advices
• Take GDPR/PII handling as case study to walk through the whole DevSecOps lifecycle

Who This Book Is For

If you are a system administrator, security consultant or DevOps engineer who are looking at securing your entire organization then this is the book for you. Basic understanding of Cloud computing, automation frameworks and programming skills would be necessary.