Categories
Bibliography Cloud DevOps DevSecOps-Security-Privacy Software Engineering

Securing DevOps: Security in the Cloud – ISBN-13: 978-1617294136

See: Securing DevOps: Security in the Cloud, Publisher ‏ : ‎ Manning Publications; 1st edition (August 24, 2018)

Fair Use Source:

Summary

Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You’ll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Technology

An application running in the cloud can benefit from incredible efficiencies, but they come with unique security threats too. A DevOps team’s highest priority is understanding those risks and hardening the system against them.

About the Book

Securing DevOps teaches you the essential techniques to secure your cloud services. Using compelling case studies, it shows you how to build security into automated testing, continuous delivery, and other core DevOps processes. This experience-rich book is filled with mission-critical strategies to protect web applications against attacks, deter fraud attempts, and make your services safer when operating at scale. You’ll also learn to identify, assess, and secure the unique vulnerabilities posed by cloud deployments and automation tools commonly used in modern infrastructures.

What’s inside

  • An approach to continuous security
  • Implementing test-driven security in DevOps
  • Security techniques for cloud services
  • Watching for fraud and responding to incidents
  • Security testing and risk assessment

About the Reader

Readers should be comfortable with Linux and standard DevOps practices like CI, CD, and unit testing.

About the Author

Julien Vehent is a security architect and DevOps advocate. He leads the Firefox Operations Security team at Mozilla, and is responsible for the security of Firefox’s high-traffic cloud services and public websites.

Table of Contents

  1. Securing DevOps
  2. Building a barebones DevOps pipeline
  3. Security layer 1: protecting web applications
  4. Security layer 2: protecting cloud infrastructures
  5. Security layer 3: securing communications
  6. Security layer 4: securing the delivery pipeline
  7. Collecting and storing logs
  8. Analyzing logs for fraud and attacks
  9. Detecting intrusions
  10. The Caribbean breach: a case study in incident response
  11. Assessing risks
  12. Testing security
  13. Continuous security

Categories
Bibliography DevOps DevSecOps-Security-Privacy Java Kubernetes Software Engineering Spring Framework

DevOps Tools for Java Developers: Best Practices from Source Code to Production Containers, 1st Edition – ISBN-13: 978-1492084020, 2022

See: DevOps Tools for Java Developers: Best Practices from Source Code to Production Containers, 1st Edition, Publisher ‏ : ‎ O’Reilly Media; 1st edition (January 18, 2022)

Fair Use Source:

With the rise of DevOps, low-cost cloud computing, and container technologies, the way Java developers approach development today has changed dramatically. This practical guide helps you take advantage of microservices, serverless, and cloud native technologies using the latest DevOps techniques to simplify your build process and create hyperproductive teams.

Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky help you evaluate an array of options. The list includes source control with Git, build declaration with Maven and Gradle, CI/CD with CircleCI, package management with Artifactory, containerization with Docker and Kubernetes, and much more. Whether you’re building applications with Jakarta EE, Spring Boot, Dropwizard, MicroProfile, Micronaut, or Quarkus, this comprehensive guide has you covered.

  • Explore software lifecycle best practices
  • Use DevSecOps methodologies to facilitate software development and delivery
  • Understand the business value of DevSecOps best practices
  • Manage and secure software dependencies
  • Develop and deploy applications using containers and cloud native technologies
  • Manage and administrate source control repositories and development processes
  • Use automation to set up and administer build pipelines
  • Identify common deployment patterns and antipatterns
  • Maintain and monitor software after deployment

About the Author

Stephen Chin is Head of Developer Relations at JFrog and author of The Definitive Guide to Modern Client Development, Raspberry Pi with Java, and Pro JavaFX Platform. He has keynoted numerous Java conferences around the world including Devoxx, JNation, JavaOne, Joker, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do embedded and robot programming together with his teenage daughter. You can follow his hacking adventures at: http://steveonjava.com/.

Melissa McKay is currently a Developer Advocate with the JFrog Developer Relations team. She has been active in the software industry 20 years and her background and experience spans a slew of technologies and tools used in the development and operation of enterprise products and services. Melissa is a mom, software developer, Java geek, huge promoter of Java UNconferences, and is always on the lookout for ways to grow, learn, and improve development processes. She is active in the developer community, has spoken at CodeOne, Java Dev Day Mexico and assists with organizing the JCrete and JAlba Unconferences as well as Devoxx4Kids events.

Ixchel Ruiz has developed software applications and tools since 2000. Her research interests include Java, dynamic languages, client-side technologies, and testing. She is a Java Champion, Groundbreaker Ambassador, Hackergarten enthusiast, open source advocate, JUG leader, public speaker, and mentor.

Baruch Sadogursky (a.k.a JBaruch) is the Chief Sticker Officer @JFrog (also, Head of DevOps Advocacy) at JFrog. His passion is speaking about technology. Well, speaking in general, but doing it about technology makes him look smart, and 19 years of hi-tech experience sure helps. When he’s not on stage (or on a plane to get there), he learns about technology, people and how they work, or more precisely, don’t work together.

He is a co-author of the Liquid Software book, a CNCF ambassador and a passionate conference speaker on DevOps, DevSecOps, digital transformation, containers and cloud-native, artifact management and other topics, and is a regular at the industry’s most prestigious events including DockerCon, Devoxx, DevOps Days, OSCON, Qcon, JavaOne and many others. You can see some of his talks at jfrog.com/shownotes

Categories
Bibliography DevOps DevSecOps-Security-Privacy Java Software Engineering Spring Framework

B081W4C2DH ISBN-13: 978-1484250518

See: Pro Spring Security: Securing Spring Framework 5 and Boot 2-based Java Applications, 2nd Edition, Publisher ‏ : ‎ Apress; 2nd ed. edition (November 22, 2019)

See also: Spring Bibliography, Spring Framework and Cloud Native

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering SRE - Reliability engineering - Chaos engineer

B08CTGR1XC ISBN-13: ‎978-1718501126

See: Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering

B078Y98RG8

See: The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy JavaScript Software Engineering

B07V78WH7V

See: Web Security for Developers: Real Threats, Practical Defense Illustrated Edition

Fair Use Source:

Categories
Azure Bibliography DevOps

B08GLHMT32

See: Microsoft Exam Ref MS-500 Microsoft 365 Security Administration with Practice Test Kindle Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Windows Desktop

Microsoft Exam Ref MS-500 Microsoft 365 Security Administration

See: B08GLHMT32

See also: Microsoft Certification Exams

Direct from Microsoft, this Exam Ref is the official study guide for the new Microsoft MS-500 Microsoft 365 Security Administration certification exam.

Exam Ref MS-500 Microsoft 365 Security Administration offers professional-level preparation that helps candidates maximize their exam performance and sharpen their skills on the job. It focuses on the specific areas of expertise modern IT professionals need to implement and administer security in any Microsoft 365 environment. Coverage includes:

  • Implementing and managing identity and access
  • Implementing and managing threat protection
  • Implementing and managing information protection
  • Managing governance and compliance features in Microsoft 365

Microsoft Exam Ref publications stand apart from third-party study guides because they:

  • Provide guidance from Microsoft, the creator of Microsoft certification exams
  • Target IT professional-level exam candidates with content focused on their needs, not “one-size-fits-all” content
  • Streamline study by organizing material according to the exam’s objective domain (OD), covering one functional group and its objectives in each chapter
  • Feature Thought Experiments to guide candidates through a set of “what if?” scenarios, and prepare them more effectively for Pro-level style exam questions
  • Explore big picture thinking around the planning and design aspects of the IT pro’s job role

For more information on Exam MS-500 and the Microsoft 365 Certified: Security Administrator Associate, visit microsoft.com/learning.

Fair Use Source:

Categories
Bibliography DevSecOps-Security-Privacy Windows Server

B01MZA0OJU

See: Microsoft Exam Ref 70-744 Securing Windows Server 2016 1st Edition, Kindle Edition

Fair Use Source:

Categories
Bibliography DevSecOps-Security-Privacy Windows Server

Microsoft Exam Ref 70-744 Securing Windows Server 2016

See: B01MZA0OJU

See also: Microsoft Certification Exams

The Exam Ref is the official study guide for Microsoft certification exams. Featuring concise coverage of the skills measured by the exam, challenging Thought Experiments, and pointers to more in-depth material for the candidate needing additional study, exam candidates get professional-level preparation for the exam. The Exam Ref helps candidates determine their readiness for the exam, and provides Exam Tips to help maximize their performance on the exam. The organization of the material mirrors the skills measured by the exam as presented on the certification exam webpage.

Fair Use Source:

Categories
Azure Bibliography DevOps DevSecOps-Security-Privacy

B08F5JHZJG

See: Exam Ref AZ-500 Microsoft Azure Security Technologies

Fair Use Source:

Categories
Azure Bibliography DevOps DevSecOps-Security-Privacy

Microsoft Exam Ref AZ-500 Microsoft Azure Security Technologies

Prepare for Microsoft Exam AZ-500: Demonstrate your real-world knowledge of Microsoft Azure security, including tools and techniques for protecting identity, access, platforms, data, and applications, and for effectively managing security operations. Designed for professionals with Azure security experience, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Azure Security Engineer Associate level.  

Focus on the expertise measured by these objectives:

• Manage identity and access

• Implement platform protection

• Manage security operations

• Secure data and applications

This Microsoft Exam Ref:

• Organizes its coverage by exam objectives

• Features strategic, what-if scenarios to challenge you

• Assumes you have expertise implementing security controls and threat protection, managing identity and access, and protecting assets in cloud and hybrid environments

About the Exam

Exam AZ-500 focuses on the knowledge needed to manage Azure Active Directory identities; configure secure access with Azure AD; manage application access and access control; implement advanced network security; configure advanced security for compute; monitor security with Azure Monitor, Azure Firewall manager, Azure Security Center, Azure Defender, and Azure Sentinel; configure security policies; configure security for storage and databases; and configure and manage Key Vault.

About Microsoft Certification 

Passing this exam fulfills your requirements for the Microsoft Certified: Azure Security Engineer Associate credential, demonstrating your expertise as an Azure Security Engineer capable of maintaining security posture, identifying and remediating vulnerabilities, implementing threat protection, and responding to incident escalations as part of a cloud-based management and security team.

See: B08F5JHZJG

See also: Microsoft Certification Exams

Fair Use Source:

Categories
Bibliography

B087Q9G51R

See: Learn Kubernetes Security: Securely orchestrate, scale, and manage your microservices in Kubernetes deployments

See also Kubernetes and Cloud Native

Fair Use Source:

Categories
Bibliography

1492081736

See: Hacking Kubernetes: Threat-Driven Analysis and Defense 1st Edition

See also Kubernetes and Cloud Native

Fair Use Source:

Categories
AWS Azure Cloud DevOps GCP Linux Operating Systems Software Engineering

List of Linux containers

Linux containers are implementations of operating system-level virtualization for the Linux operating system. Several implementations exist, all based on the virtualization, isolation, and resource management mechanisms provided by the Linux kernel, notably Linux namespaces and cgroups.[1] These include:” (WP)

See also

References

  1. ^ Rami, Rosen. “Namespaces and Cgroups, the basis of Linux Containers” (PDF). Retrieved 18 August 2016.
  2. ^ “LXC – Linux Containers”linuxcontainers.org. Retrieved 2014-11-10.
  3. ^ “LXD”linuxcontainers.org. Retrieved 2021-02-11.
  4. ^ “Rkt container engine”.
  5. ^ “CNCF Archives RKT”. CNCF. Retrieved 19 Aug 2019.
  6. ^ “Red Hat to Acquire CoreOS”. Red Hat inc. Retrieved 30 Jan 2018.
  7. ^ Poettering, Lennart. “systemd For Administrators, Part XXI”. Retrieved 2 July 2016.
  8. ^ Rootless containers with Podman and fuse-overlayfs, CERN Workshop, 2019-06-04
  9. ^ https://hpc.github.io/charliecloud/. Retrieved 4 October 2020. Missing or empty |title= (help)
  10. ^ “Bottlerocket is a Linux-based operating system purpose-built to run containers”.
This Linux-related article is a stub. You can help Wikipedia by expanding it.

Categories

” (WP)

Sources:

Fair Use Sources: