The purpose and intent of DevSecOps are to build on the mindset that "everyone is responsible for security" with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the required safety. It helps improve the security and overall quality of the software being developed.
This book starts with a brief introduction to DevOps, DevSecOps, and the principles behind them.
Understanding the principles, we'll dig deeper into different topics for Application Security and Secure Coding. We will understand what a secure development lifecycle is and how to perform Threat Modeling properly. We’ll also cover the various tools available for those tasks, as well as the best practices for developing secure code and embedding security and policy into an application. Finally, we'll look at Automation and Infrastructure Security with our main focusing on continuous security testing, Infrastructure as Code, protecting the DevOps tools, and learning about the software supply chain.
By the end of this book, you will know how to apply application security, secure coding, and DevSecOps practices into our development pipeline.

Osoby które kupowały "Implementing DevSecOps Practices. Supercharge your software security with DevSecOps excellence", wybierały także:

• Windows Media Center. Domowe centrum rozrywki 66,67 zÅ‚, (8,00 zÅ‚ -88%)
• Ruby on Rails. Ćwiczenia 18,75 zÅ‚, (3,00 zÅ‚ -84%)
• Przywództwo w Å›wiecie VUCA. Jak być skutecznym liderem w niepewnym Å›rodowisku 58,64 zÅ‚, (12,90 zÅ‚ -78%)
• Scrum. O zwinnym zarzÄ…dzaniu projektami. Wydanie II rozszerzone 58,64 zÅ‚, (12,90 zÅ‚ -78%)
• Od hierarchii do turkusu, czyli jak zarzÄ…dzać w XXI wieku 58,64 zÅ‚, (12,90 zÅ‚ -78%)

Spis treści

Implementing DevSecOps Practices. Understand application security testing and secure coding by integrating SAST and DAST eBook -- spis treści

• 1. Introducing DevSecOps
• 2. DevSecOps Principles
• 3. Understanding the Security Posture
• 4. Understanding Observability
• 5. Understanding Chaos Engineering
• 6. Continuous Integration and Continuous Deployment
• 7. Threat Modeling
• 8. Software Composition Analysis (SCA)
• 9. Static Application Security Testing (SAST)
• 10. Infrastructure-as-Code (IaC) Scanning
• 11. Dynamic Application Security Testing (DAST)
• 12. Setting Up a DevSecOps Program with Open Source Tools
• 13. Licenses Compliance, Code Coverage, and Baseline Policies
• 14. Setting Up a Security Champions Program
• 15. Case Studies
• 16. Conclusion