Implementing DevSecOps Practices: Supercharge your software security with DevSecOps excellence

Sehgal, Vandana Verma

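  • Publisher: Packt Publishing
  • Publication date: 2023-12-22
  • Price: $1,430
  • VIP price: $1,359 (95% of list price)
  • Language: English
  • Pages: 258
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1803231491
  • ISBN-13: 9781803231495
  • Related categories: Excel, Information Security
  • Ordered from the supplier once the order is placed (about 3 to 4 weeks)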

Product Description

Get to grips with application security, secure coding, and DevSecOps practices to implement in your development pipeline


Key Features:


  • Understand security posture management to maintain a resilient operational environment
  • Master DevOps security and blend it with software engineering to create robust security protocols
  • Adopt the left-shift approach to integrate early-stage security in DevSecOps
  • Purchase of the print or Kindle book includes a free PDF eBook


Book Description:


DevSecOps is built on the idea that everyone is responsible for security, with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context. This practice of integrating security into every stage of the development process helps improve both the security and overall quality of the software. This book will help you get to grips with DevSecOps and show you how to implement it, starting with a brief introduction to DevOps, DevSecOps, and their underlying principles.


After understanding the principles, you'll dig deeper into different topics concerning application security and secure coding before learning about the secure development lifecycle and how to perform threat modeling properly. You'll also explore a range of tools available for these tasks, as well as best practices for developing secure code and embedding security and policy into your application. Finally, you'll look at automation and infrastructure security with a focus on continuous security testing, infrastructure as code (IaC), protecting DevOps tools, and learning about the software supply chain.


By the end of this book, you'll know how to apply application security, safe coding, and DevSecOps practices in your development pipeline to create robust security protocols.


What You Will Learn:


  • Find out how DevSecOps unifies security and DevOps, bridging a significant cybersecurity gap
  • Discover how CI/CD pipelines can incorporate security checks for automatic vulnerability detection
  • Understand why threat modeling is indispensable for early vulnerability identification and action
  • Explore chaos engineering tests to monitor how systems perform in chaotic security scenarios
  • Find out how SAST pre-checks code and how DAST finds live-app vulnerabilities during runtime
  • Perform real-time monitoring via observability and understand its criticality for security management


Who this book is for:


This book is for DevSecOps engineers and application security engineers. Developers, pentesters, and information security analysts will also find plenty of useful information in this book. Prior knowledge of the software development process and programming logic is beneficial, but not required.
