Categories
Bibliography Cloud DevOps DevSecOps-Security-Privacy Software Engineering

Securing DevOps: Security in the Cloud – ISBN-13: 978-1617294136

See: Securing DevOps: Security in the Cloud, Publisher ‏ : ‎ Manning Publications; 1st edition (August 24, 2018)

Fair Use Source:

Summary

Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You’ll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Technology

An application running in the cloud can benefit from incredible efficiencies, but they come with unique security threats too. A DevOps team’s highest priority is understanding those risks and hardening the system against them.

About the Book

Securing DevOps teaches you the essential techniques to secure your cloud services. Using compelling case studies, it shows you how to build security into automated testing, continuous delivery, and other core DevOps processes. This experience-rich book is filled with mission-critical strategies to protect web applications against attacks, deter fraud attempts, and make your services safer when operating at scale. You’ll also learn to identify, assess, and secure the unique vulnerabilities posed by cloud deployments and automation tools commonly used in modern infrastructures.

What’s inside

  • An approach to continuous security
  • Implementing test-driven security in DevOps
  • Security techniques for cloud services
  • Watching for fraud and responding to incidents
  • Security testing and risk assessment

About the Reader

Readers should be comfortable with Linux and standard DevOps practices like CI, CD, and unit testing.

About the Author

Julien Vehent is a security architect and DevOps advocate. He leads the Firefox Operations Security team at Mozilla, and is responsible for the security of Firefox’s high-traffic cloud services and public websites.

Table of Contents

  1. Securing DevOps
  2. Building a barebones DevOps pipeline
  3. Security layer 1: protecting web applications
  4. Security layer 2: protecting cloud infrastructures
  5. Security layer 3: securing communications
  6. Security layer 4: securing the delivery pipeline
  7. Collecting and storing logs
  8. Analyzing logs for fraud and attacks
  9. Detecting intrusions
  10. The Caribbean breach: a case study in incident response
  11. Assessing risks
  12. Testing security
  13. Continuous security

Categories
Bibliography DevOps DevSecOps-Security-Privacy Java Software Engineering Spring Framework

B081W4C2DH ISBN-13: 978-1484250518

See: Pro Spring Security: Securing Spring Framework 5 and Boot 2-based Java Applications, 2nd Edition, Publisher ‏ : ‎ Apress; 2nd ed. edition (November 22, 2019)

See also: Spring Bibliography, Spring Framework and Cloud Native

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering SRE - Reliability engineering - Chaos engineer

B08CTGR1XC ISBN-13: ‎978-1718501126

See: Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy JavaScript Software Engineering

B07V78WH7V

See: Web Security for Developers: Real Threats, Practical Defense Illustrated Edition

Fair Use Source:

Categories
Azure Bibliography DevOps

B08GLHMT32

See: Microsoft Exam Ref MS-500 Microsoft 365 Security Administration with Practice Test Kindle Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Windows Desktop

Microsoft Exam Ref MS-500 Microsoft 365 Security Administration

See: B08GLHMT32

See also: Microsoft Certification Exams

Direct from Microsoft, this Exam Ref is the official study guide for the new Microsoft MS-500 Microsoft 365 Security Administration certification exam.

Exam Ref MS-500 Microsoft 365 Security Administration offers professional-level preparation that helps candidates maximize their exam performance and sharpen their skills on the job. It focuses on the specific areas of expertise modern IT professionals need to implement and administer security in any Microsoft 365 environment. Coverage includes:

  • Implementing and managing identity and access
  • Implementing and managing threat protection
  • Implementing and managing information protection
  • Managing governance and compliance features in Microsoft 365

Microsoft Exam Ref publications stand apart from third-party study guides because they:

  • Provide guidance from Microsoft, the creator of Microsoft certification exams
  • Target IT professional-level exam candidates with content focused on their needs, not “one-size-fits-all” content
  • Streamline study by organizing material according to the exam’s objective domain (OD), covering one functional group and its objectives in each chapter
  • Feature Thought Experiments to guide candidates through a set of “what if?” scenarios, and prepare them more effectively for Pro-level style exam questions
  • Explore big picture thinking around the planning and design aspects of the IT pro’s job role

For more information on Exam MS-500 and the Microsoft 365 Certified: Security Administrator Associate, visit microsoft.com/learning.

Fair Use Source:

Categories
Bibliography DevSecOps-Security-Privacy Windows Server

B01MZA0OJU

See: Microsoft Exam Ref 70-744 Securing Windows Server 2016 1st Edition, Kindle Edition

Fair Use Source:

Categories
Bibliography DevSecOps-Security-Privacy Windows Server

Microsoft Exam Ref 70-744 Securing Windows Server 2016

See: B01MZA0OJU

See also: Microsoft Certification Exams

The Exam Ref is the official study guide for Microsoft certification exams. Featuring concise coverage of the skills measured by the exam, challenging Thought Experiments, and pointers to more in-depth material for the candidate needing additional study, exam candidates get professional-level preparation for the exam. The Exam Ref helps candidates determine their readiness for the exam, and provides Exam Tips to help maximize their performance on the exam. The organization of the material mirrors the skills measured by the exam as presented on the certification exam webpage.

Fair Use Source:

Categories
Azure Bibliography DevOps DevSecOps-Security-Privacy

B08F5JHZJG

See: Exam Ref AZ-500 Microsoft Azure Security Technologies

Fair Use Source:

Categories
Azure Bibliography DevOps DevSecOps-Security-Privacy

Microsoft Exam Ref AZ-500 Microsoft Azure Security Technologies

Prepare for Microsoft Exam AZ-500: Demonstrate your real-world knowledge of Microsoft Azure security, including tools and techniques for protecting identity, access, platforms, data, and applications, and for effectively managing security operations. Designed for professionals with Azure security experience, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Azure Security Engineer Associate level.  

Focus on the expertise measured by these objectives:

• Manage identity and access

• Implement platform protection

• Manage security operations

• Secure data and applications

This Microsoft Exam Ref:

• Organizes its coverage by exam objectives

• Features strategic, what-if scenarios to challenge you

• Assumes you have expertise implementing security controls and threat protection, managing identity and access, and protecting assets in cloud and hybrid environments

About the Exam

Exam AZ-500 focuses on the knowledge needed to manage Azure Active Directory identities; configure secure access with Azure AD; manage application access and access control; implement advanced network security; configure advanced security for compute; monitor security with Azure Monitor, Azure Firewall manager, Azure Security Center, Azure Defender, and Azure Sentinel; configure security policies; configure security for storage and databases; and configure and manage Key Vault.

About Microsoft Certification 

Passing this exam fulfills your requirements for the Microsoft Certified: Azure Security Engineer Associate credential, demonstrating your expertise as an Azure Security Engineer capable of maintaining security posture, identifying and remediating vulnerabilities, implementing threat protection, and responding to incident escalations as part of a cloud-based management and security team.

See: B08F5JHZJG

See also: Microsoft Certification Exams

Fair Use Source:

Categories
Bibliography

B087Q9G51R

See: Learn Kubernetes Security: Securely orchestrate, scale, and manage your microservices in Kubernetes deployments

See also Kubernetes and Cloud Native

Fair Use Source:

Categories
Bibliography

1617295957

See: Microservices Security in Action: Design secure network and API endpoint security for Microservices applications, with examples using Java, Kubernetes, and Istio 1st Edition

See also Kubernetes and Cloud Native

Fair Use Source: https://www.manning.com/books/microservices-security-in-action

Categories
Cloud DevOps Linux Operating Systems

Tails Linux Operating System

The Amnesic Incognito Live System

Tails logo

Tails, or The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity.[4] All its incoming and outgoing connections are forced to go through Tor,[5] and any non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so. The Tor Project provided financial support for its development in the beginnings of the project.[6] Tails comes with UEFI Secure Boot.

History:

Tails was first released on 23 June 2009. It is the next iteration of development on Incognito, a discontinued Gentoo-based Linux distribution.[7] The Tor Project provided financial support for its development in the beginnings of the project.[6] Tails also received funding from the Open Technology FundMozilla, and the Freedom of the Press Foundation.[8]

Laura PoitrasGlenn Greenwald, and Barton Gellman have each said that Tails was an important tool they used in their work with National Security Agency whistleblower Edward Snowden.[9][10][11]

From release 3.0, Tails requires a 64-bit processor to run.[12]

Bundled software:

Networking

Note: Due to the fact that Tails includes uBlock Origin (compared to the normal Tor Browser Bundle), it could be subject to an attack to determine if the user is using Tails (since the userbase for Tails is less than the Tor Browser Bundle) by checking if the website is blocking advertising.[14] Although this can be avoided by disabling uBlock Origin.

(WP)

Sources:

Fair Use Sources:

Categories
Cloud DevOps Linux Operating Systems

Kali Linux Operating System

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing.[3] It is maintained and funded by Offensive Security.[4]

Kali Linux has around 600[5] pre-installed penetration-testing programs(tools), including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), metasploit (penetration testing framework, awarded as the best penetration testing software), John the Ripper (a password cracker), sqlmap (automatic SQL injection and database takeover tool), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP web application security scanners,[6][7] etc.

It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous information security testing Linux distribution based on Knoppix. Originally, it was designed with a focus on kernel auditing, from which it got its name Kernel Auditing Linux. The name is sometimes incorrectly assumed to come from Kali the Hindu goddess.[8][9] The third core developer, Raphaël Hertzog, joined them as a Debian expert.[10][11]

Kali Linux is based on the Debian Testing branch. Most packages Kali uses are imported from the Debian repositories.[12]

Kali Linux’s popularity grew when it was featured in multiple episodes of the TV series Mr. Robot. Tools highlighted in the show and provided by Kali Linux include Bluesniff, Bluetooth Scanner (btscanner), John the Ripper, Metasploit Framework, Nmap, Shellshock, and Wget.[13][14][15]

(WP)

Sources:

Fair Use Sources:

Categories
Cloud DevSecOps-Security-Privacy Operating Systems Software Engineering

Access Control

“access control – A *trusted process that limits access to the resources and objects of a computer system in accordance with a *security model. The process can be implemented by reference to a stored table that lists the *access rights of subjects to objects, e.g. users to records. Optionally the process may record in an *audit trail any illegal access attempts.” (ODCS)

Fair Use Source: B019GXM8X8 (ODCS)

Sources:

Fair Use Sources: