Free Download Implementing DevSecOps Practices: Understand application security testing and secure coding by integrating SAST and DAST by Vandana Verma Sehgal
English | December 22, 2023 | ISBN: 1803231491 | 258 pages | PDF | 12 Mb
Integrate Shift-Left Security, automation, IaC, and compliance into every stage of development, ensuring strong application security and continuous protection for modern software with DevSecOps best practices
Key FeaturesUnderstand security posture management to maintain a resilient operational environmentMaster DevOps security and blend it with software engineering to create robust security protocolsAdopt the left-shift approach to integrate early-stage security in DevSecOpsPurchase of the print or Kindle book includes a free PDF eBookBook Description
DevSecOps is built on the idea that everyone is responsible for security, with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context. This practice of integrating security into every stage of the development process helps improve both the security and overall quality of the software. This book will help you get to grips with DevSecOps and show you how to implement it, starting with a brief introduction to DevOps, DevSecOps, and their underlying principles.
After understanding the principles, you’ll dig deeper into different topics concerning application security and secure coding before learning about the secure development lifecycle and how to perform threat modeling properly. You’ll also explore a range of tools available for these tasks, as well as best practices for developing secure code and embedding security and policy into your application. Finally, you’ll look at automation and infrastructure security with a focus on continuous security testing, infrastructure as code (IaC), protecting DevOps tools, and learning about the software supply chain.
By the end of this book, you’ll know how to apply application security, safe coding, and DevSecOps practices in your development pipeline to create robust security protocols.
What you will learnFind out how DevSecOps unifies security and DevOps, bridging a significant cybersecurity gapDiscover how CI/CD pipelines can incorporate security checks for automatic vulnerability detectionUnderstand why threat modeling is indispensable for early vulnerability identification and actionExplore chaos engineering tests to monitor how systems perform in chaotic security scenariosFind out how SAST pre-checks code and how DAST finds live-app vulnerabilities during runtimePerform real-time monitoring via observability and its criticality for security managementWho this book is for
This book is for individuals new to DevSecOps and want to implement its practices successfully and efficiently. DevSecOps Engineers, Application Security Engineers, Developers, Pentesters, and Security Analysts will find plenty of useful information in this book. Prior knowledge of the software development process and programming logic is beneficial, but not mandatory.
Table of ContentsIntroducing DevSecOpsDevSecOps PrinciplesUnderstanding the Security PostureUnderstanding ObservabilityUnderstanding Chaos EngineeringContinuous Integration and Continuous DeploymentThreat ModelingSoftware Composition Analysis (SCA)Static Application Security Testing (SAST)Infrastructure-as-Code (IaC) ScanningDynamic Application Security Testing (DAST)Setting Up a DevSecOps Program with Open Source ToolsLicenses Compliance, Code Coverage, and Baseline PoliciesSetting Up a Security Champions ProgramCase StudiesConclusion
[b]Feel Free to contact me for book requests, informations or feedbacks.