Devsecops for .Net Core: Securing Modern Software Applications
暫譯: .NET Core 的 DevSecOps:保護現代軟體應用程式
Ahmad Zeeshan, Afzaal
相關主題
商品描述
Automate core security tasks by embedding security controls and processes early in the DevOps workflow through DevSecOps. You will not only learn the various stages in the DevOps pipeline through examples of solutions developed and deployed using .NET Core, but also go through open source SDKs and toolkits that will help you to incorporate automation, security, and compliance.
The book starts with an outline of modern software engineering principles and gives you an overview of DevOps in .NET Core. It further explains automation in DevOps for product development along with security principles to improve product quality. Next, you will learn how to improve your product quality and avoid code issues such as SQL injection prevention, cross-site scripting, and many more. Moving forward, you will go through the steps necessary to make security, compliance, audit, and UX automated to increase the efficiency of your organization. You'll see demonstrations of the CI phase of DevOps, on-premise and hosted, along with code analysis methods to verify product quality. Finally, you will learn network security in Docker and containers followed by compliance and security standards.
After reading DevSecOps for .NET Core, you will be able to understand how automation, security, and compliance works in all the stages of the DevOps pipeline while showcasing real-world examples of solutions developed and deployed using .NET Core 3.
What You Will Learn
- Implement security for the .NET Core runtime for cross-functional workloads
- Work with code style and review guidelines to improve the security, performance, and maintenance of components
- Add to DevOps pipelines to scan code for security vulnerabilities
- Deploy software on a secure infrastructure, on Docker, Kubernetes, and cloud environments
- Who This Book Is For
Software engineers and developers who develop and maintain a secure code repository.
商品描述(中文翻譯)
自動化核心安全任務,透過 DevSecOps 在 DevOps 工作流程中早期嵌入安全控制和流程。您不僅將通過使用 .NET Core 開發和部署的解決方案示例學習 DevOps 管道中的各個階段,還將了解開源 SDK 和工具包,這些將幫助您整合自動化、安全性和合規性。
本書首先概述了現代軟體工程原則,並提供 .NET Core 中 DevOps 的概覽。接著進一步解釋了 DevOps 中的自動化,針對產品開發的安全原則,以提高產品質量。接下來,您將學習如何改善產品質量並避免代碼問題,例如 SQL 注入防護、跨站腳本攻擊等。隨後,您將了解使安全性、合規性、審計和用戶體驗自動化所需的步驟,以提高組織的效率。您將看到 DevOps 的 CI 階段的演示,包括本地和託管環境,以及驗證產品質量的代碼分析方法。最後,您將學習 Docker 和容器中的網路安全,隨後是合規性和安全標準。
閱讀完《DevSecOps for .NET Core》後,您將能夠理解自動化、安全性和合規性如何在 DevOps 管道的所有階段中運作,同時展示使用 .NET Core 3 開發和部署的解決方案的實際案例。
您將學到的內容:
- 為跨功能工作負載實施 .NET Core 執行時的安全性
- 使用代碼風格和審查指南來改善組件的安全性、性能和維護性
- 在 DevOps 管道中添加掃描代碼以檢查安全漏洞
- 在安全基礎架構上部署軟體,包括 Docker、Kubernetes 和雲環境
- 本書適合對象:開發和維護安全代碼庫的軟體工程師和開發人員。
作者簡介
Afzaal Ahmad Zeeshan is a software engineer based in Rabwah, Pakistan, and likes .NET Core for regular day development. He has experience with cloud, mobile, and API development. Afzaal Ahmad has experience with the Azure platform and likes to build cross-platform libraries/software with .NET Core. He has been awarded MVP Award by Alibaba Cloud for cloud expertise and has been recognized as a Microsoft MVP for his work in the field of software development twice, four times as a CodeProject MVP for technical writing and mentoring, and four times as a C# Corner MVP in the same field.
作者簡介(中文翻譯)
Afzaal Ahmad Zeeshan 是一位位於巴基斯坦 Rabwah 的軟體工程師,喜愛使用 .NET Core 進行日常開發。他在雲端、行動和 API 開發方面擁有經驗。Afzaal Ahmad 擁有 Azure 平台的經驗,並喜歡使用 .NET Core 建立跨平台的函式庫/軟體。他因在雲端專業領域的表現而獲得了阿里雲的 MVP 獎,並因在軟體開發領域的工作兩次被認定為 Microsoft MVP,四次因技術寫作和指導而獲得 CodeProject MVP,並四次在同一領域獲得 C# Corner MVP。
