Learn how to secure your ASP.NET Core web app through robust and secure code
Key Features
- Discover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix them
- Understand what code makes an ASP.NET Core web app unsafe
- Build you
DevSecOps for .NET Core: Securing Modern Software Applications
✍ Scribed by Afzaal Ahmad Zeeshan
- Publisher: Apress
- Year: 2020
- Language: English
- Pages: 297
- Edition: 1
- Category: Library
✦ Synopsis
Automate core security tasks by embedding security controls and processes early in the DevOps workflow through DevSecOps. You will not only learn the various stages in the DevOps pipeline through examples of solutions developed and deployed using .NET Core, but also go through open source SDKs and toolkits that will help you to incorporate automation, security, and compliance.
The book starts with an outline of modern software engineering principles and gives you an overview of DevOps in .NET Core. It then explains automation in DevOps for product development, along with security principles to improve product quality. Next, you will learn how to improve your product quality and avoid code issues such as SQL injection, cross-site scripting, and many more. Moving forward, you will go through the steps necessary to automate security, compliance, audit, and UX to increase the efficiency of your organization. You'll see demonstrations of the CI phase of DevOps, on-premises and hosted, along with code analysis methods to verify product quality. Finally, you will learn network security in Docker and containers, followed by compliance and security standards.
After reading DevSecOps for .NET Core, you will be able to understand how automation, security, and compliance work in all the stages of the DevOps pipeline, with real-world examples of solutions developed and deployed using .NET Core 3.
What You Will Learn
✦ Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Modern Software Engineering
Software Design
Solutions on the Internet
Multicultural Customers
The Ever-Changing Market
Security and Compliance Requirements
Prerequisites
What to Expect in This Book
What Not to Expect in This Book
Chapter 2: DevOps with Security
The DevOps Cycle
Adding Security
Sec: Security, Performance, and Productivity
Simple .NET Core App
Manual Builds
Basic Testing and QA
Code-Analysis Services
StyleCop.Analyzers
Codacy Overview
ASP.NET Core Sample
HTTPS vs. SSH
GitHub
GitLab
Azure DevOps
Summary
Chapter 3: Writing Secure Apps
Write Less, Write Secure
SAST, DAST, IAST, and RASP
Developer Training
Analyzers for Secure Code
Runtime Selection and Configuration
Code Smells, Bugs, Performance Issues and Naive Errors
Vulnerabilities in Web Apps
Fixing Injection and Scripting Attacks
Scripting Problems: XSS, Token Forgery, and Session Hijacks
Automated Tests
Microservices: Separation of Concerns
N-Tier Products with Hidden Databases
Corporate Applications
Increasing Scalability
Communication in Services
TCP
HTTP/2, gRPC, and Beyond
gRPC Sample
Using Secure Cryptographic Methods
MD5 and SHA1 for File Hashes
Apply SSL Across Domain
Summary
Chapter 4: Automating Everything as Code
Version Control and Audit
Centralized Version Control Systems
Distributed Version Control Systems
GitOps
Hosted Code Storage
Infrastructure as Code (IaC)
Azure Resource Manager as an IaC Toolkit
Ansible, Terraform, and More
Automating Code Building and Deployment
Creating Build Pipelines
Utilizing a Bug Database
Compliance and Policies
Risk and Bugs Analysis
Feature Flags
Summary
Chapter 5: Securing Build Systems for DevOps
On-Premises vs. Hosted CI/CD
Jenkins Overview
Azure VSTS (Azure DevOps Server)
GitLab Auto DevOps and GitHub Actions
Securing Logs
Artifact Publishing, Caching, and Hashing
Docker Containers for Build Environments
Automated Deployments
Summary
Chapter 6: Automating Production Environments for Quality
Host Platforms
Docker and Containers
Network Security
Web Firewalls
DDoS
SSL and Encryption
API Management
Configuration and Credentials
Mobile Applications
Secure Vaults
System Failure and Post-Mortems
Infrastructure Rollbacks
Summary
Chapter 7: Compliance and Security
Auditing
Data Privacy and Control
DevOps Audit Defense Toolkit
Automated Issue Tracking
Summary
Index
📜 SIMILAR VOLUMES
Learn the fundamentals, practical applications, and latest features of C# 8.0 and .NET Core 3.0 from expert teacher Mark J. Price. Key Features Build modern, cross-platform applications with .NET Core 3.0 Get up to speed with C#, and up to date with all the latest features of C# 8.0 Start creating p
Leverage the features of C# 7 and .NET Core 2.0 to build real-world .NET Core applications Key Features See how to incorporate Entity Framework Core to build ASP.NET Core MVC application Get hands-on SignalR and NuGet packages Work with Reactive Extensions (Rx.Net) using the elasticsearch too
.NET Core is a general purpose, modular, cross-platform and open source implementation of .NET. With the latest release of .NET Core, more APIs are expected to show up, which will make APIs consistent across .NET Framework, .NET Core, and Xamarin. This guide will teach you the essential .NET Core an
Create powerful applications for the modern web About This Book Build a complete single page application with two of the most impressive frameworks in modern development Find out how to bring together the capabilities and features of both Angular 2 and ASP.NET Core From managing data, to application