Categories
Bibliography Cloud DevOps DevSecOps-Security-Privacy Software Engineering

Securing DevOps: Security in the Cloud – ISBN-13: 978-1617294136

See: Securing DevOps: Security in the Cloud, Publisher ‏ : ‎ Manning Publications; 1st edition (August 24, 2018)

Fair Use Source:

Summary

Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You’ll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Technology

An application running in the cloud can benefit from incredible efficiencies, but they come with unique security threats too. A DevOps team’s highest priority is understanding those risks and hardening the system against them.

About the Book

Securing DevOps teaches you the essential techniques to secure your cloud services. Using compelling case studies, it shows you how to build security into automated testing, continuous delivery, and other core DevOps processes. This experience-rich book is filled with mission-critical strategies to protect web applications against attacks, deter fraud attempts, and make your services safer when operating at scale. You’ll also learn to identify, assess, and secure the unique vulnerabilities posed by cloud deployments and automation tools commonly used in modern infrastructures.

What’s inside

  • An approach to continuous security
  • Implementing test-driven security in DevOps
  • Security techniques for cloud services
  • Watching for fraud and responding to incidents
  • Security testing and risk assessment

About the Reader

Readers should be comfortable with Linux and standard DevOps practices like CI, CD, and unit testing.

About the Author

Julien Vehent is a security architect and DevOps advocate. He leads the Firefox Operations Security team at Mozilla, and is responsible for the security of Firefox’s high-traffic cloud services and public websites.

Table of Contents

  1. Securing DevOps
  2. Building a barebones DevOps pipeline
  3. Security layer 1: protecting web applications
  4. Security layer 2: protecting cloud infrastructures
  5. Security layer 3: securing communications
  6. Security layer 4: securing the delivery pipeline
  7. Collecting and storing logs
  8. Analyzing logs for fraud and attacks
  9. Detecting intrusions
  10. The Caribbean breach: a case study in incident response
  11. Assessing risks
  12. Testing security
  13. Continuous security

Categories
Bibliography DevOps DevSecOps-Security-Privacy Java Kubernetes Software Engineering Spring Framework

DevOps Tools for Java Developers: Best Practices from Source Code to Production Containers, 1st Edition – ISBN-13: 978-1492084020, 2022

See: DevOps Tools for Java Developers: Best Practices from Source Code to Production Containers, 1st Edition, Publisher ‏ : ‎ O’Reilly Media; 1st edition (January 18, 2022)

Fair Use Source:

With the rise of DevOps, low-cost cloud computing, and container technologies, the way Java developers approach development today has changed dramatically. This practical guide helps you take advantage of microservices, serverless, and cloud native technologies using the latest DevOps techniques to simplify your build process and create hyperproductive teams.

Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky help you evaluate an array of options. The list includes source control with Git, build declaration with Maven and Gradle, CI/CD with CircleCI, package management with Artifactory, containerization with Docker and Kubernetes, and much more. Whether you’re building applications with Jakarta EE, Spring Boot, Dropwizard, MicroProfile, Micronaut, or Quarkus, this comprehensive guide has you covered.

  • Explore software lifecycle best practices
  • Use DevSecOps methodologies to facilitate software development and delivery
  • Understand the business value of DevSecOps best practices
  • Manage and secure software dependencies
  • Develop and deploy applications using containers and cloud native technologies
  • Manage and administrate source control repositories and development processes
  • Use automation to set up and administer build pipelines
  • Identify common deployment patterns and antipatterns
  • Maintain and monitor software after deployment

About the Author

Stephen Chin is Head of Developer Relations at JFrog and author of The Definitive Guide to Modern Client Development, Raspberry Pi with Java, and Pro JavaFX Platform. He has keynoted numerous Java conferences around the world including Devoxx, JNation, JavaOne, Joker, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do embedded and robot programming together with his teenage daughter. You can follow his hacking adventures at: http://steveonjava.com/.

Melissa McKay is currently a Developer Advocate with the JFrog Developer Relations team. She has been active in the software industry 20 years and her background and experience spans a slew of technologies and tools used in the development and operation of enterprise products and services. Melissa is a mom, software developer, Java geek, huge promoter of Java UNconferences, and is always on the lookout for ways to grow, learn, and improve development processes. She is active in the developer community, has spoken at CodeOne, Java Dev Day Mexico and assists with organizing the JCrete and JAlba Unconferences as well as Devoxx4Kids events.

Ixchel Ruiz has developed software applications and tools since 2000. Her research interests include Java, dynamic languages, client-side technologies, and testing. She is a Java Champion, Groundbreaker Ambassador, Hackergarten enthusiast, open source advocate, JUG leader, public speaker, and mentor.

Baruch Sadogursky (a.k.a JBaruch) is the Chief Sticker Officer @JFrog (also, Head of DevOps Advocacy) at JFrog. His passion is speaking about technology. Well, speaking in general, but doing it about technology makes him look smart, and 19 years of hi-tech experience sure helps. When he’s not on stage (or on a plane to get there), he learns about technology, people and how they work, or more precisely, don’t work together.

He is a co-author of the Liquid Software book, a CNCF ambassador and a passionate conference speaker on DevOps, DevSecOps, digital transformation, containers and cloud-native, artifact management and other topics, and is a regular at the industry’s most prestigious events including DockerCon, Devoxx, DevOps Days, OSCON, Qcon, JavaOne and many others. You can see some of his talks at jfrog.com/shownotes

Categories
Bibliography DevOps DevSecOps-Security-Privacy Java Software Engineering Spring Framework

B081W4C2DH ISBN-13: 978-1484250518

See: Pro Spring Security: Securing Spring Framework 5 and Boot 2-based Java Applications, 2nd Edition, Publisher ‏ : ‎ Apress; 2nd ed. edition (November 22, 2019)

See also: Spring Bibliography, Spring Framework and Cloud Native

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering SRE - Reliability engineering - Chaos engineer

B08CTGR1XC ISBN-13: ‎978-1718501126

See: Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering

B078Y98RG8

See: The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering

B07B9F83WM

See: Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Django Web Framework Python Software Engineering

B074HXXXLS

See: Test-Driven Development with Python: Obey the Testing Goat: Using Django, Selenium, and JavaScript 2nd Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Python Software Engineering

B0773VRHWT

See: Python Testing with pytest: Simple, Rapid, Effective, and Scalable 1st Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Python Software Engineering

B00LJV2GXI

See: Testing Python: Applying Unit Testing, TDD, BDD and Acceptance Testing 1st Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy JavaScript React Software Engineering

B095HBPZXM

See: Test-Driven Development with React: Apply Test-Driven Development in Your Applications 1st ed. Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering

B0872KBFF4

See: Distributed Tracing in Practice: Instrumenting, Analyzing, and Debugging Microservices 1st Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering

B00I8W50T8

See: Explore It!: Reduce Risk and Increase Confidence with Exploratory Testing 1st Edition, Kindle Edition

Fair Use Source:

Categories
Bibliography C# .NET DevOps DevSecOps-Security-Privacy Java Software Engineering

B07FKGVQP6

See: Complete Guide to Test Automation: Techniques, Practices, and Patterns for Building and Maintaining Effective Software Projects 1st ed. Edition, Kindle Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering

B08XW95Q32

See: API Testing and Development with Postman: A practical guide to creating, testing, and managing APIs for automated software testing

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering

B076YXM51F

See: Software Testing Automation Tips: 50 Things Automation Engineers Should Know 1st ed. Edition

Fair Use Source: