Bibliography Cloud DevOps DevSecOps-Security-Privacy Software Engineering

Securing DevOps: Security in the Cloud – ISBN-13: 978-1617294136

See: Securing DevOps: Security in the Cloud, Publisher ‏ : ‎ Manning Publications; 1st edition (August 24, 2018)

Fair Use Source:


Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You’ll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Technology

An application running in the cloud can benefit from incredible efficiencies, but they come with unique security threats too. A DevOps team’s highest priority is understanding those risks and hardening the system against them.

About the Book

Securing DevOps teaches you the essential techniques to secure your cloud services. Using compelling case studies, it shows you how to build security into automated testing, continuous delivery, and other core DevOps processes. This experience-rich book is filled with mission-critical strategies to protect web applications against attacks, deter fraud attempts, and make your services safer when operating at scale. You’ll also learn to identify, assess, and secure the unique vulnerabilities posed by cloud deployments and automation tools commonly used in modern infrastructures.

What’s inside

  • An approach to continuous security
  • Implementing test-driven security in DevOps
  • Security techniques for cloud services
  • Watching for fraud and responding to incidents
  • Security testing and risk assessment

About the Reader

Readers should be comfortable with Linux and standard DevOps practices like CI, CD, and unit testing.

About the Author

Julien Vehent is a security architect and DevOps advocate. He leads the Firefox Operations Security team at Mozilla, and is responsible for the security of Firefox’s high-traffic cloud services and public websites.

Table of Contents

  1. Securing DevOps
  2. Building a barebones DevOps pipeline
  3. Security layer 1: protecting web applications
  4. Security layer 2: protecting cloud infrastructures
  5. Security layer 3: securing communications
  6. Security layer 4: securing the delivery pipeline
  7. Collecting and storing logs
  8. Analyzing logs for fraud and attacks
  9. Detecting intrusions
  10. The Caribbean breach: a case study in incident response
  11. Assessing risks
  12. Testing security
  13. Continuous security

Bibliography DevOps DevSecOps-Security-Privacy Java Software Engineering Spring Framework

B081W4C2DH ISBN-13: 978-1484250518

See: Pro Spring Security: Securing Spring Framework 5 and Boot 2-based Java Applications, 2nd Edition, Publisher ‏ : ‎ Apress; 2nd ed. edition (November 22, 2019)

See also: Spring Bibliography, Spring Framework and Cloud Native

Fair Use Source:

Bibliography DevOps DevSecOps-Security-Privacy Software Engineering SRE - Reliability engineering - Chaos engineer

B08CTGR1XC ISBN-13: ‎978-1718501126

See: Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters

Fair Use Source:

Bibliography DevOps DevSecOps-Security-Privacy JavaScript Software Engineering


See: Web Security for Developers: Real Threats, Practical Defense Illustrated Edition

Fair Use Source:

Azure Bibliography DevOps


See: Microsoft Exam Ref MS-500 Microsoft 365 Security Administration with Practice Test Kindle Edition

Fair Use Source:

Bibliography DevOps DevSecOps-Security-Privacy Windows Desktop

Microsoft Exam Ref MS-500 Microsoft 365 Security Administration

See: B08GLHMT32

See also: Microsoft Certification Exams

Direct from Microsoft, this Exam Ref is the official study guide for the new Microsoft MS-500 Microsoft 365 Security Administration certification exam.

Exam Ref MS-500 Microsoft 365 Security Administration offers professional-level preparation that helps candidates maximize their exam performance and sharpen their skills on the job. It focuses on the specific areas of expertise modern IT professionals need to implement and administer security in any Microsoft 365 environment. Coverage includes:

  • Implementing and managing identity and access
  • Implementing and managing threat protection
  • Implementing and managing information protection
  • Managing governance and compliance features in Microsoft 365

Microsoft Exam Ref publications stand apart from third-party study guides because they:

  • Provide guidance from Microsoft, the creator of Microsoft certification exams
  • Target IT professional-level exam candidates with content focused on their needs, not “one-size-fits-all” content
  • Streamline study by organizing material according to the exam’s objective domain (OD), covering one functional group and its objectives in each chapter
  • Feature Thought Experiments to guide candidates through a set of “what if?” scenarios, and prepare them more effectively for Pro-level style exam questions
  • Explore big picture thinking around the planning and design aspects of the IT pro’s job role

For more information on Exam MS-500 and the Microsoft 365 Certified: Security Administrator Associate, visit

Fair Use Source:

Bibliography DevSecOps-Security-Privacy Windows Server


See: Microsoft Exam Ref 70-744 Securing Windows Server 2016 1st Edition, Kindle Edition

Fair Use Source:

Bibliography DevSecOps-Security-Privacy Windows Server

Microsoft Exam Ref 70-744 Securing Windows Server 2016


See also: Microsoft Certification Exams

The Exam Ref is the official study guide for Microsoft certification exams. Featuring concise coverage of the skills measured by the exam, challenging Thought Experiments, and pointers to more in-depth material for the candidate needing additional study, exam candidates get professional-level preparation for the exam. The Exam Ref helps candidates determine their readiness for the exam, and provides Exam Tips to help maximize their performance on the exam. The organization of the material mirrors the skills measured by the exam as presented on the certification exam webpage.

Fair Use Source:

Azure Bibliography DevOps DevSecOps-Security-Privacy


See: Exam Ref AZ-500 Microsoft Azure Security Technologies

Fair Use Source:

Azure Bibliography DevOps DevSecOps-Security-Privacy

Microsoft Exam Ref AZ-500 Microsoft Azure Security Technologies

Prepare for Microsoft Exam AZ-500: Demonstrate your real-world knowledge of Microsoft Azure security, including tools and techniques for protecting identity, access, platforms, data, and applications, and for effectively managing security operations. Designed for professionals with Azure security experience, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Azure Security Engineer Associate level.  

Focus on the expertise measured by these objectives:

• Manage identity and access

• Implement platform protection

• Manage security operations

• Secure data and applications

This Microsoft Exam Ref:

• Organizes its coverage by exam objectives

• Features strategic, what-if scenarios to challenge you

• Assumes you have expertise implementing security controls and threat protection, managing identity and access, and protecting assets in cloud and hybrid environments

About the Exam

Exam AZ-500 focuses on the knowledge needed to manage Azure Active Directory identities; configure secure access with Azure AD; manage application access and access control; implement advanced network security; configure advanced security for compute; monitor security with Azure Monitor, Azure Firewall manager, Azure Security Center, Azure Defender, and Azure Sentinel; configure security policies; configure security for storage and databases; and configure and manage Key Vault.

About Microsoft Certification 

Passing this exam fulfills your requirements for the Microsoft Certified: Azure Security Engineer Associate credential, demonstrating your expertise as an Azure Security Engineer capable of maintaining security posture, identifying and remediating vulnerabilities, implementing threat protection, and responding to incident escalations as part of a cloud-based management and security team.


See also: Microsoft Certification Exams

Fair Use Source:



See: Microservices Security in Action: Design secure network and API endpoint security for Microservices applications, with examples using Java, Kubernetes, and Istio 1st Edition

See also Kubernetes and Cloud Native

Fair Use Source:



See: Hacking Kubernetes: Threat-Driven Analysis and Defense 1st Edition

See also Kubernetes and Cloud Native

Fair Use Source:



See: Kubernetes Security and Observability: A Holistic Approach to Securing and Troubleshooting Cloud Native Applications Paperback – December 21, 2021

See also Kubernetes and Cloud Native

Fair Use Source:

Android OS Apple iOS Artificial Intelligence AWS Azure Bibliography C Language C# .NET C++ Cloud Data Science - Big Data DevOps DevSecOps-Security-Privacy GCP Go Programming Language Java JavaScript Kotlin Kubernetes Linux Networking Operating Systems PowerShell Python React Software Engineering Spring Framework SRE - Reliability engineering - Chaos engineer Swift TypeScript Vue.js Framework Windows Server

Manning Publications

See also Java Bibliography, JavaScript Bibliography, Python Bibliography

Manning publishes the best quality IT books in the industry.

Manning is an independent publisher, providing computer books for software developers, engineers, architects, system administrators, and managers. Our books also cover topics for young programmers, students, and occasionally children.


Manning is an independent publisher of computer books and video courses for software developers, engineers, architects, system administrators, managers and all who are professionally involved with the computer business. We also publish for students and young programmers, including occasionally for children. We are an entirely virtual organization based on Shelter Island, New York, with many staff working from far-flung places like Manila and Zagreb.

company character

“Independent” means we are not owned by a large corporate entity and are free to make decisions without bureaucratic overhead. That has allowed us to innovate and be flexible and to quickly adjust what we do as we go. We were the first by several years to sell our books as unprotected PDFs, something that later became commonplace. We were the first to start selling books before they were finished, in the Manning Early Access Program. This gave our readers access to our content as soon as it was readable, and this too has become common in the industry. And it means we are thinking every day about new ways to satisfy our customers, some of which we hope you will be pleased to discover in the not-too-distant future.

how we improve

We published our first book in 1993 and have been learning from our successes, and even more from our mistakes, ever since. Every new book teaches us something that helps us improve:

  • How to choose the topics we publish on
  • How to find the right authors for each book
  • How to help authors write the best books they can
  • How to ensure the content is valuable and easy to learn
  • How to let readers know about our content

book series

We publish standalone titles as well as the following book series:

  • Hello!
  • In Action
  • In Practice
  • In Depth
  • In a Month of Lunches


Readers can access our books through the Manning Early Access Program, O’Reilly Learning (formerly Safari Books Online), and iBooks. Print copies, wherever they are bought, come with free electronic versions in PDF, ePub and Kindle formats. With your print copy in hand, register it on the Manning site and you can download the digital versions from your account.

At this time, our eBooks are available only from and Apple’s iBookstore.


Fair Use Sources:

Artificial Intelligence Bibliography Cloud Data Science - Big Data DevOps Hardware and Electronics History Networking Software Engineering

Oxford Dictionary of Computer Science

Fair Use Source: B019GXM8X8 (ODCS)

A Dictionary of Computer Science (Oxford Quick Reference) 7th Edition, by Editors Andrew Butterfield, Gerard Ngondi, Anne Kerr

Previously named A Dictionary of Computing, this bestselling dictionary has been renamed A Dictionary of Computer Science, and fully revised by a team of computer specialists, making it the most up-to-date and authoritative guide to computing available. Containing over 6,500 entries and with expanded coverage of multimedia, computer applications, networking, and personal computer science, it is a comprehensive reference work encompassing all aspects of the subject and is as valuable for home and office users as it is indispensable for students of computer science.

Terms are defined in a jargon-free and concise manner with helpful examples where relevant. The dictionary contains approximately 150 new entries including cloud computing, cross-site scripting, iPad, semantic attack, smartphone, and virtual learning environment. Recommended web links for many entries, accessible via the Dictionary of Computer Science companion website, provide valuable further information and the appendices include useful resources such as generic domain names, file extensions, and the Greek alphabet.

This dictionary is suitable for anyone who uses computers, and is ideal for students of computer science and the related fields of IT, maths, physics, media communications, electronic engineering, and natural sciences.

Book Details

  • ASIN : B019GXM8X8
  • Publisher : OUP Oxford; 7th edition (January 28, 2016)
  • Publication date : January 28, 2016
  • Print length : 641 pages
  • First edition 1983, Second edition 1986, Third edition 1990, Fourth edition 1996, Fifth edition 2004, Sixth edition 2008, Seventh edition 2016
  • ISBN 978–0–19–968897–5, ebook ISBN 978–0–19–100288–5


“The first edition of this dictionary was published in 1983 as a specialist reference work for computer professionals and for people interested in the underlying concepts and theories of computer science. Over successive editions, the work has been expanded and changed to reflect the technological and social changes that have occurred, especially the enormous growth in home computing and the Internet. In particular, the fourth edition (1996) included an additional 1700 entries catering for a wider readership. At the same time, the editors have retained the basic principles of the original book.”

“In the seventh edition of the dictionary we have followed the same line. The existing entries have been updated and over 120 new entries have been added. In particular, coverage of areas such as database management and social networking has been increased to reflect the growing importance of these areas. Some obsolete terms have been deleted, although some have been kept for their historical interest. Links to useful websites have been updated and more added. There are also six special feature spreads, giving information on selected topics.”

JL, ASK, 2015

Guide to the Dictionary

“Synonyms and generally used abbreviations are given either in brackets immediately after the relevant entry title, or occasionally in the text of the entry with some additional information or qualification.”

“A distinction is made between an acronym and an abbreviation: an acronym can be pronounced while an abbreviation cannot. The entry for an acronym usually appears at the acronym itself, whereas the entry for an abbreviation may appear either at the unabbreviated form or at the abbreviation—depending on which form is most commonly used. When a term is defined under an abbreviation, the entry for the unabbreviated form simply cross-refers the reader to the abbreviation.”

“Some terms listed in the dictionary are used both as nouns and verbs. This is usually indicated in the text of an entry if both forms are in common use. In many cases a noun is also used in an adjectival form to qualify another noun. This occurs too often to be noted.”

Fair Use Source: B019GXM8X8 (ODCS)