Implementing DevSecOps Practices

Get to grips with application security, secure coding, and DevSecOps practices to implement in your development pipeline

Key FeaturesUnderstand security posture management to maintain a resilient operational environmentMaster DevOps security and blend it with software engineering with robust security protocolsAdopt the left-shift approach to integrate early-stage security in DevSecOpsBook DescriptionThe purpose and intent of DevSecOps are to build on the mindset that “everyone is responsible for security” with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the required safety. It helps improve the security and overall quality of the software being developed.

This book starts with a brief introduction to DevOps, DevSecOps, and the principles behind them. Understanding the principles, we’ll dig deeper into different topics for Application Security and Secure Coding. We will understand what a secure development lifecycle is and how to perform Threat Modeling properly. We’ll also cover the various tools available for those tasks, as well as the best practices for developing secure code and embedding security and policy into an application. Finally, we’ll look at Automation and Infrastructure Security with our main focusing on continuous security testing, Infrastructure as Code, protecting the DevOps tools, and learning about the software supply chain.

By the end of this book, you will know how to apply application security, secure coding, and DevSecOps practices into our development pipeline.

What you will learnLearn how DevSecOps unifies security and DevOps, closing a key cybersecurity gapDiscover how CI/CD pipelines can incorporate security checks for automatic vulnerability detectionUnderstand how security posture provides a snapshot of an organization’s defense capabilitiesGrasp why Threat Modeling is indispensable for early vulnerability identification and actionLearn Chaos Engineering tests and how systems perform under chaotic security scenariosRecognize SAST checks code for security flaws before it gets deployedWho This Book Is ForThis book is targeted at DevSecOps Engineers and Application Security Engineers. Developers, Pentesters, and Information Security Analysts will also benefit from this book. Prior knowledge of the software development process and programming logic is desired, but not required.

Table of ContentsIntroduction to DevSecOpsDevSecOps PrinciplesUnderstanding the Posture ManagementUnderstanding of ObservabilityUnderstanding of Chaos EngineeringContinuous Integration and Continuous DeploymentThreat ModelingSoftware Composition Analysis (SCA)Static Application Security Testing (SAST)Infrastructure as a Code ScanningDynamic Application Security Testing (DAST)Setting Up DevSecOps Program with Open Source ToolsLicenses Compliance, Code Coverage and Baseline PoliciesSetting Up Security Champions ProgramCase Studies

Size: A4(20*28cm)

Printing: 80 gm – color

Cover: Softcover