Learning DevSecOps: A Practical Guide to Processes and Tools
Scribed by Steve Suehring
- Publisher: O'Reilly Media
- Year: 2024
- Language: English
- Pages: 195
- Edition: 1
- Category: Library
✦ Synopsis
How do some organizations maintain 24-7 internet-scale operations? How can organizations integrate security while continuously deploying new features? How do organizations increase security within their DevOps processes?
This practical guide helps you answer those questions and more. Author Steve Suehring provides unique content to help practitioners and leadership successfully implement DevOps and DevSecOps. Learning DevSecOps emphasizes prerequisites that lead to success through best practices and then takes you through some of the tools and software used by successful DevSecOps-enabled organizations.
You'll learn how DevOps and DevSecOps can eliminate the walls that stand between development, operations, and security so that you can tackle the needs of other teams early in the development lifecycle.
With this book, you will:
• Learn why DevSecOps is about culture and processes, with tools to support the processes
• Understand why DevSecOps practices are key elements to deploying software in a 24-7 environment
• Deploy software using a DevSecOps toolchain and create scripts to assist
• Integrate processes from other teams earlier in the software development lifecycle
• Help team members learn the processes important for successful software development
✦ Table of Contents
Cover
Copyright
Table of Contents
Preface
What Is DevSecOps?
Who Is This Book For?
How This Book Is Organized
Conventions Used in This Book
O'Reilly Online Learning
How to Contact Us
Acknowledgments
Chapter 1. The Need for DevSecOps
Developing Software
Developing Agility
Developing Broken Software
Operating in a Darkroom
Security as an Afterthought
Culture First
Processes over Tools
Promoting the Right Skills
DevSecOps as Process
The DevSecOps SDLC
Summary
Chapter 2. Foundational Knowledge in 25 Pages or Less
The Command-Line Interface
Command Line Versus Terminal Versus Shell
Why Do I Need the Command Line?
Getting Started with the Command Line
Protocols: A High-Level Overview
Protocol Layers
Two Protocols Plus Another
Basic Internet Protocols
Data Security: Confidentiality, Integrity, and Availability
Development Overview for Scripting
Commands and Built-ins
Basic Programmatic Constructs: Variables, Data, and Data Types
Making Decisions with Conditionals
Looping
Lists and Arrays
Summary
Chapter 3. Integrating Security
Integrating Security Practices
Implementing Least Privilege
Maintaining Confidentiality
Data in Flight
Data at Rest
Verifying Integrity
Checksums
Verifying Email
Providing Availability
Service-Level Agreements and Service-Level Objectives
Identifying Stakeholders
Identifying Availability Needs
Defining Availability and Estimating Costs
What About Accountability?
Site Reliability Engineering
Code Traceability and Static Analysis
Becoming Security Aware
Finding Formal Training
Obtaining Free Knowledge
Enlightenment Through Log Analysis
Practical Implementation: OWASP ZAP
Creating a Target
Installing ZAP
Getting Started with ZAP: Manual Scan
Summary
Chapter 4. Managing Code and Testing
Examining Development
Be Intentional and Deliberate
Don't Repeat Yourself
Managing Source Code with Git
A Simple Setup for Git
Using Git (Briefly)
Branching and Merging
Examining the Gitflow Pattern
Examining the Trunk-Based Pattern
Testing Code
Unit Testing
Integration Testing
System Testing
Automating Tests
Summary
Chapter 5. Moving Toward Deployment
Managing Configuration as Code and Software Bill of Materials (SBOM)
Using Docker
Container and Image Concepts
Obtaining Images
Deploying Safely with Blue-Green Deployment
Summary
Chapter 6. Deploy, Operate, and Monitor
Continuous Integration and Continuous Deployment
Building and Maintaining Environments with Ansible
Using Jenkins for Deployment
Creating a Pipeline
Monitoring
Summary
Chapter 7. Plan and Expand
Scaling Up with Kubernetes
Understanding Basic Kubernetes Terms
Installing Kubernetes
Deploying with Kubernetes
Defining a Deployment
Defining a Service
Moving Toward Microservices
Connecting the Resources
Integrating Helm
Summary
Chapter 8. Beyond DevSecOps
DevSecOps Patterns
Shifting Left and Adding CI/CD
Multicloud Integration
Integrated and Automatic Security
Linux Everywhere
Refactor and Redeploy
Summary
Appendix A. Ports and Protocols
Appendix B. Command Reference
Basic Command-Line Navigation
Directory Listing
Pager
Command Recall and Tab Completion
Creating Directories
Changing Permissions and Ownership
Screen Is Your Friend
Using grep
Using touch
DNS with dig
Determine Address for a Host
Changing the Server to Be Queried
Finding the Authoritative Nameserver
Querying the Authoritative Nameserver
Finding Mail Servers
Finding SPF and TXT Records
Examining the Root
Index
About the Author
Colophon
✦ Subjects
DevOps; Security; Monitoring; Deployment; Testing; DevSecOps