Imperial Library
Title Page
Copyright and Credits
Hands-On Security in DevOps
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
DevSecOps Drivers and Challenges
Security compliance
ISO 27001
ISO 27017 and ISO 27018
Cloud Security Alliance (CSA)
Federal Information Processing Standards (FIPS)
Center for Internet Security (CIS) and OpenSCAP – securing your infrastructure
National Checklist Program (NCP) repository
OpenSCAP tools
Legal and security compliance
New technology (third-party, cloud, containers, and virtualization)
Virtualization
Dockers
Infrastructure as Code (IaC)
Cloud services hacks/abuse
Case study – products on sale
What do hackers do?
Rapid release
Summary
Questions
Further reading
Security Goals and Metrics
Organization goal
Strategy and metrics
Policy and compliance
Education and guidance
Development goal/metrics
Threat assessment
Threat assessment for GDPR
Deliverables and development team self-assessment
Security requirements
QA goal/metrics
Design review
Implementation review
Third-party components
IDE-plugin code review
Static code review
Target code review
Security testing
Operation goal/metrics
Issue management
Environment Hardening
Secure configuration baseline
Constant monitoring mechanism
Operational enablement
Code signing for application deployment
Application communication ports matrix
Application configurations
Summary
Questions
Further reading
Security Assurance Program and Organization
Security assurance program
SDL (Security Development Lifecycle)
OWASP SAMM
Security guidelines and processes
Security growth with business
Stage 1 – basic security control
Stage 2 – building a security testing team
Stage 3 – SDL activities
Stage 4 – self-build security services
Stage 5 – big data security analysis and automation
Role of a security team in an organization
Security office under a CTO
Dedicated security team
Case study – a matrix, functional, or taskforce structure
Security resource pool
Security technical committee (taskforce)
Summary
Questions
Further reading
Security Requirements and Compliance
Security requirements for the release gate
Release gate examples
Common Vulnerability Scoring System (CVSS)
Security requirements for web applications
OWASP Application Security Verification Standard (ASVS)
Security knowledge portal
Security requirements for big data
Big data security requirements
Big data technical security frameworks
Privacy requirements for GDPR
Privacy Impact Assessment (PIA)
Privacy data attributes
Example of a data flow assessment
GDPR security requirements for data processor and controller
Summary
Questions
Further reading
Case Study - Security Assurance Program
Security assurance program case study
Microsoft SDL and SAMM
Security training and awareness
Security culture
Web security frameworks
Baking security into DevOps
Summary
Questions
Further reading
Security Architecture and Design Principles
Security architecture design principles
Cloud service security architecture reference
Security framework
Java web security framework
Non-Java web security frameworks
Web readiness for privacy protection
Login protection
Cryptographic modules
Input validation and sanitization
Data masking
Data governance – Apache Ranger and Atlas
Third-party open source management
Summary
Questions
Further reading
Threat Modeling Practices and Secure Design
Threat modeling practices
Threat modeling with STRIDE
Diagram designer tool
Card games
Threat library references
Case study – formal documents or not?
Secure design
Summary
Questions
Further reading
Secure Coding Best Practices
Secure coding industry best practices
Establishing secure coding baselines
Secure coding awareness training
Tool evaluation
Tool optimization
High-risk module review
Manual code review tools
Secure code scanning tools
Secure compiling
Common issues in practice
Summary
Questions
Further reading
Case Study - Security and Privacy by Design
Case study background
Secure architecture review
Authentication
Authorization
Session management
Data input/output
Privacy by design
Summary of security and privacy frameworks
Third-party component management
Summary
Questions
Further reading
Security-Testing Plan and Practices
Security-testing knowledge kit
Security-testing plan templates
Security-testing objective
Security-testing baseline
Security-testing environment
Testing strategy
High-risk modules
Recommended security-testing tools
Web security testing
Privacy
Security-testing domains
Thinking like a hacker
Exploits and CVE
Hacker techniques
Malware Information
Security-Training environment
Summary
Questions
Further reading
Whitebox Testing Tips
Whitebox review preparation
Viewing the whole project
High-risk module
Whitebox review checklist
Top common issues
Secure coding patterns and keywords
Case study – Java struts security review
Struts security review approaches
Struts security checklist
Struts security strings search in struts.xml and API
Summary
Questions
Further reading
Security Testing Toolkits
General security testing toolkits
Automation testing criteria
Behavior-driven security testing framework
Android security testing
Securing infrastructure configuration
Docker security scanning
Integrated security tools
Summary
Questions
Further reading
Security Automation with the CI Pipeline
Security in continuous integration
Security practices in development
IDE plugins to automate the code review
Static code analysis
Secure compiler configuration
Dependency check
Web testing in proactive/proxy mode
Web automation testing tips
Security automation in Jenkins
Summary
Questions
Further reading
Incident Response
Security incident response process
Preparation
Detection and analysis
Containment and recovery
Post-incident activity
Security incident response platforms (SIRP)
SOC team
Incident forensics techniques
Summary
Questions
Further reading
Security Monitoring
Logging policy
Security monitoring framework
Source of information
Threat intelligence toolset
Security scanning toolset
Malware behavior matching – YARA
Summary
Questions
Further reading
Security Assessment for New Releases
Security review policies for releases
Security checklist and tools
BDD security framework
Consolidated testing results
Summary
Questions
Further reading
Threat Inspection and Intelligence
Unknown threat detection
Indicators of compromises
Security analysis using big data frameworks
TheHive
MISP – an Open Source Threat Intelligence Platform
Apache Metron
Summary
Questions
Further reading
Business Fraud and Service Abuses
Business fraud and abuses
Business risk detection framework
PCI DSS compliance
Summary
Questions
Further reading
GDPR Compliance Case Study
GDPR security requirement
Case studies
Case 1 – personal data discovery
Case 2 – database anonymization
Case 3 – cookie consent
Case 4 – data-masking library for implementation
Case 5 – evaluating website privacy status
Summary
Questions
Further reading
DevSecOps - Challenges, Tips, and FAQs
DevSecOps for security management
DevSecOps for the development team
DevSecOps for the testing team
DevSecOps for the operations team
Summary
Further reading
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Chapter 18
Chapter 19
Other Books You May Enjoy
Leave a review - let other readers know what you think