"Security as Code" is a hands-on guide to integrating security into the software development lifecycle. This book provides a comprehensive approach to writing secure code, automating security testing, and implementing DevSecOps practices.
Chapter Overview:
Chapter 1: Introduction to Security ...
Security as Code

DevOps engineers, developers, and security engineers have ever-changing roles to play in today’s cloud native world. In order to build secure and resilient applications, you have to be equipped with security knowledge. Enter security as code.

In this book, authors BK Sarthak Das and Virginia Chu demonstrate how to use this methodology to secure any application and infrastructure you want to deploy. With Security as Code, you’ll learn how to create a secure environment using CI/CD tooling from AWS and open source providers. You’ll also see how a containerized application can be deployed as infrastructure as code (IaC) within AWS.

This practical guide also provides common patterns and methods to develop secure and resilient infrastructure.

• Learn the tools of the trade using Kubernetes and the AWS Code Suite
• Set up IaC and run scans to detect misconfigured resources in your code
• Create secure logging patterns with CloudWatch and other tools
• Restrict system access to authorized users with role-based access control (RBAC)
• Inject faults to test the resiliency of your application with AWS Fault Injection Simulator or open source tooling
• Learn how to pull everything together into one deployment

“An excellent guide. Security as Code takes you from abstract concept to the working technology, people, and processes. If you need to actually do the work of shifting security left, this book is for you.”
—Fritz Kunstler, Principal, AWS Global Services Security

“The ultimate hands-on security guide for DevOps roles, covering tooling and processes.”
—Michael Hausenblas, Solution Engineering Lead, AWS

BK Sarthak Das works at Google as a security engineer and was previously at AWS as a senior security architect.

Virginia Chu is a principal DevSecOps engineer at AWS who began her career as a Linux system administrator and developer.
SECURITY
US $55.99 CAN $69.99
ISBN: 978-1-098-14277-3
978-1-098-12746-6
Automate Modern App and API Security with Ease — Shift Left with F5 NGINX App Protect
Move Fast, Secure Fast, Stay Agile
In today’s competitive landscape, being agile is more essential than ever before:
it helps you adapt quickly to the latest trends, stay ahead of competitors, and
better serve your customers. You no longer need to sacrifice security for agility.
DevOps can integrate security controls authorized by SecOps across distributed
environments without slowing app performance or release velocity.
Shifting security left is a key strategy for app development and deployment.
By automating application and API security in the early stages of your CI/CD pipeline,
you can build more reliable apps, reduce the cost of a breach by up to 80%, and
accelerate your time to market, keeping you one step ahead of the competition.
NGINX App Protect is a lightweight, high-performance, modern application security
solution that integrates seamlessly into DevOps environments as a WAF or app-level
DoS defense, helping your enterprise shift security left and deliver secure apps
for easy DevSecOps.
• Delivers advanced WAF security beyond basic OWASP Top 10 protection
• Integrates easily into the CI/CD tool chain; infrastructure agnostic
• Facilitates declarative policies for “security as code” enabling enterprises to shift security left
• Protects against DoS attacks at both Layers 4 and 7
Download a 30-day free trial today at:
nginx.com/free-trial-request/