Security as Code - Helion
ISBN: 9781098127428
Pages: 122, Format: ebook
Publication date: 2023-01-03
Bookstore: Helion
DevOps engineers, developers, and security engineers have ever-changing roles to play in today's cloud native world. In order to build secure and resilient applications, you have to be equipped with security knowledge. Enter security as code.
In this book, authors BK Sarthak Das and Virginia Chu demonstrate how to use this methodology to secure any application and infrastructure you want to deploy. With Security as Code, you'll learn how to create a secure containerized application with Kubernetes using CI/CD tooling from AWS and open source providers.
This practical book also provides common patterns and methods to securely develop infrastructure for resilient and highly available backups that you can restore with just minimal manual intervention.
- Learn the tools of the trade, using Kubernetes and the AWS Code Suite
- Set up infrastructure as code and run scans to detect misconfigured resources in your code
- Create secure logging patterns with CloudWatch and other tools
- Restrict system access to authorized users with role-based access control (RBAC)
- Inject faults to test the resiliency of your application with AWS Fault Injector or open source tooling
- Learn how to pull everything together into one deployment
Table of contents
- Preface
- Who Is This Book For?
- What Do You Need To Get Started?
- What's in This Book?
- Conventions Used in This Book
- Using Code Examples
- O'Reilly Online Learning
- How to Contact Us
- Acknowledgments
- 1. Introduction to DevSecOps
- Before DevOps: The Software Development Life Cycle
- What Is DevSecOps?
- Introducing Automatoonz
- Cloud Infrastructure: Secure by Default
- Move Fast, Secure Fast: The Importance of Automation
- DevSecOps Culture
- Summary
- 2. Setting Up Your Environment
- What You'll Need
- Installing and Verifying Your Setup
- Installing the AWS CLI
- Installing the Docker Engine
- Checking Your Python Version
- Installing Git
- Installing Kubernetes
- Creating Your First Bare-Bones Pipeline
- Summary
- 3. Securing Your Infrastructure
- What Makes Infrastructure Secure?
- Hands Off! Preventing Unwanted Access with IAM Permissions
- Detecting Misconfigurations
- Identifying a Standard
- Threat Modeling
- Security Controls
- Better Than a Cure: Implementing Preventive Controls
- Implementation
- Summary
- 4. Logging and Monitoring
- What Are Logging and Monitoring and Why Do They Matter?
- Attack Styles
- Advanced Persistent Threat Attacks
- Ransomware Strains
- Passive and Active Attacks
- Log Types
- Log Storage
- Detecting Anomalies
- Remediation with AWS Config
- Correlating User Activity with CloudTrail
- Network Monitoring with an Amazon VPC
- Summary
- 5. Controlling Access Through Automation
- The Principle of Least Privilege
- Fine-Tuning Access Controls
- Use a Tagging System
- Clarify Team Responsibilities
- Prevent and Detect
- The IAM Pipeline
- Summary
- 6. Fault Injection Test
- Distributed Systems
- Adaptive Security Controls
- The True Cost of Downtime
- Methods for Minimizing Downtime
- Chaos Engineering
- Basic Principles
- Principle 1: Define your steady state
- Principle 2: Build a hypothesis
- Principle 3: Introduce real-world events as variables
- Principle 4: Try to disprove your hypothesis
- Advanced Principles
- Run experiments in production
- Automate experiments to run continuously
- Minimize the blast radius
- Chaos Engineering in AWS Environments
- Chaos Engineering at Automatoonz
- AWS Fault Injection Simulator Experiment Examples
- Kubernetes Pod Stress Testing
- Throttling EC2 API Calls
- Stress Testing the CPU on an EC2 Instance
- Terminating an EC2 Instance
- Removing Ingress and Egress Rules from a Security Group
- Detaching an EBS Volume from an EC2 Instance
- Summary
- 7. People and Processes
- People: Team Structures and Roles
- Security Engineers
- Developers
- Compliance Team
- Product Manager
- Team Structure
- Processes: Practices and Communication
- Communicate to the Right People, Consistently
- Make Product Owners Accountable for Their Security Findings
- Build Threat Modeling into Your Processes
- Build Roadmaps to Reach Your DevSecOps Goals
- What Next?
- Summary
- Index