Learning DevSecOps e-Book:
Learning DevSecOps ebook download free book in pdf published by Oreilly Media, Author by Michelle Ribeiro, released in May 2022 (Early Access).
Learn how to implement continuous security throughout your entire software development and delivery pipeline. With this hands-on book, developers, SREs, tech leads, and security engineers will learn how to combine their security process with their DevOps culture. You'll gain a thorough understanding of the best DevSecOps practices, from the construction of safer container images to the hardening of orchestrators to methods for securing your cloud environment.
Michelle Ribeiro, CEO of SPIRITSEC, shows you how to introduce security into DevOps culture, methodologies and tools. You'll learn how to take advantage of contrasting security and DevOps cultures to build an effective DevSecOps program. You'll also explore the four Cs of the cloud-native security model: code, container, cloud, and cluster security by following coded examples.
- Get a review of the current threat environment to learn why security is becoming part of the DevOps movement
- Build an effective DevSecOps program by bridging the gap between the InfoSec and DevOps cultures
- Integrate security into the rapid-release cycles typical of modern software application development and delivery
- Secure your code, containers, clusters, and the cloud
- Avoid common DevSecOps mistakes by looking at case studies from Netflix, Facebook, and HSBC
DevSecOps is a cultural change aiming to learning and to integrate free security into the rapid-release cycles typical of modern software application development and delivery, known as DevOps. The ultimate goal of DevSecOps ebook is to have development, security, and operations teams working together to create business value through the fast delivery of secure software using a process of continuous security.
This integration is a concept that the IT industry has long wrestled with but has become possible only today due to the many evolutions the software engineering industry has undergone in the last 20 years. The Agile and DevOps movements promoted the necessary learning culture and tools needed to bring DevSecOps into life.
This chapter explores what DevSecOps is, what we secure, and the benefits of DevSecOps adoption. It concludes with common misconceptions about the term. I hope that by the end of the chapter, you will be able to understand the difference between DevSecOps, continuous security, and security as code.