DevSecOps: A leader's guide to producing secure software without compromising flow, feedback and continuous improvement

by Glenn Wilson

Paperback

$19.99 

Overview

A structured approach to integrating security capabilities into your engineering process is an essential requirement for producing secure software without compromising the integrity of the DevOps framework.

DevSecOps provides a clear path to building systems and protocols that promotes taking ownership of software security and supports the DevOps philosophy. Learn how to:

- Establish a security-first culture within your DevOps teams

- Produce high-quality, secure software at pace

- Automate integrated security testing

- Use feedback loops to continuously improve the security of your products

- Measure security within your value streams


Product Details

ISBN-13: 9781781335024
Publisher: Rethink Press
Publication date: 12/10/2020
Pages: 278
Product dimensions: 5.50(w) x 8.50(h) x 0.59(d)

About the Author

Glenn Wilson is the Chief Technology Officer and Founder of Dynaminet, a consultancy company that specialises in DevSecOps and Agile security. He is an experienced development and security professional who has worked for over twenty years in the IT industry across multiple sectors. Visit https://dynaminet.com

Table of Contents

Foreword

Introduction

1 DevOps Explained

The three ways

The five ideals

Conclusion

2 Security Explained

Types of attacks

Adversaries and their weapons

Conclusion

3 DevSecOps

Security implied in DevOps

Points of contention between DevOps and security teams

A layered approach to effective DevSecOps

Three layers overview

Conclusion

4 Layer 1: Security Education

Importance of security education

Security champions

Gamified learning

Instructor-led training

Self-paced learning

Pair programming and peer reviews

Informal security knowledge sharing

Experimentation

Certification

Avoiding entropy

Conclusion

5 Layer 2: Secure By Design

The importance of good design principles

Threat modelling

Clean code

Naming conventions and formatting

Common weakness lists

Core application security design principles

Microservices

Container technologies

Securing the pipeline

Conclusion

6 Layer 3: Security Automation

The importance of security automation

Application security testing

Mobile security testing

Runtime application self-protection

Software composition analysis

Unit testing

Infrastructure as code testing

Container image scanning

Dynamic threat analysis

Network scanning

Some testing cannot be automated

Monitoring and alerting

Vulnerability management

Conclusion

7 Laying The Foundation

Increase DevSecOps maturity

Start reducing technical debt

Introduce an education programme

Implement security design principles

Implement security test automation

Measure and adjust

DevSecOps starts with people

Conclusion

8 Summary

References

Further Reading

Acknowledgements

The Author
