Categories
Bibliography Cloud DevOps DevSecOps-Security-Privacy Software Engineering

Securing DevOps: Security in the Cloud – ISBN-13: 978-1617294136

See: Securing DevOps: Security in the Cloud, Publisher ‏ : ‎ Manning Publications; 1st edition (August 24, 2018)

Fair Use Source:

Summary

Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You’ll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Technology

An application running in the cloud can benefit from incredible efficiencies, but they come with unique security threats too. A DevOps team’s highest priority is understanding those risks and hardening the system against them.

About the Book

Securing DevOps teaches you the essential techniques to secure your cloud services. Using compelling case studies, it shows you how to build security into automated testing, continuous delivery, and other core DevOps processes. This experience-rich book is filled with mission-critical strategies to protect web applications against attacks, deter fraud attempts, and make your services safer when operating at scale. You’ll also learn to identify, assess, and secure the unique vulnerabilities posed by cloud deployments and automation tools commonly used in modern infrastructures.

What’s inside

  • An approach to continuous security
  • Implementing test-driven security in DevOps
  • Security techniques for cloud services
  • Watching for fraud and responding to incidents
  • Security testing and risk assessment

About the Reader

Readers should be comfortable with Linux and standard DevOps practices like CI, CD, and unit testing.

About the Author

Julien Vehent is a security architect and DevOps advocate. He leads the Firefox Operations Security team at Mozilla, and is responsible for the security of Firefox’s high-traffic cloud services and public websites.

Table of Contents

  1. Securing DevOps
  2. Building a barebones DevOps pipeline
  3. Security layer 1: protecting web applications
  4. Security layer 2: protecting cloud infrastructures
  5. Security layer 3: securing communications
  6. Security layer 4: securing the delivery pipeline
  7. Collecting and storing logs
  8. Analyzing logs for fraud and attacks
  9. Detecting intrusions
  10. The Caribbean breach: a case study in incident response
  11. Assessing risks
  12. Testing security
  13. Continuous security

Categories
Bibliography DevOps DevSecOps-Security-Privacy Software Engineering SRE - Reliability engineering - Chaos engineer

B08CTGR1XC ISBN-13: ‎978-1718501126

See: Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters

Fair Use Source:

Categories
Bibliography DevOps Networking Python Software Engineering

B08M6CT2R3 ISBN-13: 978-1839217166

See: Mastering Python for Networking and Security: Leverage the scripts and libraries of Python version 3.7 and beyond to overcome networking and security issues, 2nd Edition Kindle Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy JavaScript Software Engineering

B07V78WH7V

See: Web Security for Developers: Real Threats, Practical Defense Illustrated Edition

Fair Use Source:

Categories
Azure Bibliography DevOps

B08GLHMT32

See: Microsoft Exam Ref MS-500 Microsoft 365 Security Administration with Practice Test Kindle Edition

Fair Use Source:

Categories
Bibliography DevOps DevSecOps-Security-Privacy Windows Desktop

Microsoft Exam Ref MS-500 Microsoft 365 Security Administration

See: B08GLHMT32

See also: Microsoft Certification Exams

Direct from Microsoft, this Exam Ref is the official study guide for the new Microsoft MS-500 Microsoft 365 Security Administration certification exam.

Exam Ref MS-500 Microsoft 365 Security Administration offers professional-level preparation that helps candidates maximize their exam performance and sharpen their skills on the job. It focuses on the specific areas of expertise modern IT professionals need to implement and administer security in any Microsoft 365 environment. Coverage includes:

  • Implementing and managing identity and access
  • Implementing and managing threat protection
  • Implementing and managing information protection
  • Managing governance and compliance features in Microsoft 365

Microsoft Exam Ref publications stand apart from third-party study guides because they:

  • Provide guidance from Microsoft, the creator of Microsoft certification exams
  • Target IT professional-level exam candidates with content focused on their needs, not “one-size-fits-all” content
  • Streamline study by organizing material according to the exam’s objective domain (OD), covering one functional group and its objectives in each chapter
  • Feature Thought Experiments to guide candidates through a set of “what if?” scenarios, and prepare them more effectively for Pro-level style exam questions
  • Explore big picture thinking around the planning and design aspects of the IT pro’s job role

For more information on Exam MS-500 and the Microsoft 365 Certified: Security Administrator Associate, visit microsoft.com/learning.

Fair Use Source:

Categories
Bibliography DevSecOps-Security-Privacy Windows Server

B01MZA0OJU

See: Microsoft Exam Ref 70-744 Securing Windows Server 2016 1st Edition, Kindle Edition

Fair Use Source:

Categories
Bibliography DevSecOps-Security-Privacy Windows Server

Microsoft Exam Ref 70-744 Securing Windows Server 2016

See: B01MZA0OJU

See also: Microsoft Certification Exams

The Exam Ref is the official study guide for Microsoft certification exams. Featuring concise coverage of the skills measured by the exam, challenging Thought Experiments, and pointers to more in-depth material for the candidate needing additional study, exam candidates get professional-level preparation for the exam. The Exam Ref helps candidates determine their readiness for the exam, and provides Exam Tips to help maximize their performance on the exam. The organization of the material mirrors the skills measured by the exam as presented on the certification exam webpage.

Fair Use Source:

Categories
Azure Bibliography DevOps DevSecOps-Security-Privacy

B08F5JHZJG

See: Exam Ref AZ-500 Microsoft Azure Security Technologies

Fair Use Source:

Categories
Azure Bibliography DevOps DevSecOps-Security-Privacy

Microsoft Exam Ref AZ-500 Microsoft Azure Security Technologies

Prepare for Microsoft Exam AZ-500: Demonstrate your real-world knowledge of Microsoft Azure security, including tools and techniques for protecting identity, access, platforms, data, and applications, and for effectively managing security operations. Designed for professionals with Azure security experience, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Azure Security Engineer Associate level.  

Focus on the expertise measured by these objectives:

• Manage identity and access

• Implement platform protection

• Manage security operations

• Secure data and applications

This Microsoft Exam Ref:

• Organizes its coverage by exam objectives

• Features strategic, what-if scenarios to challenge you

• Assumes you have expertise implementing security controls and threat protection, managing identity and access, and protecting assets in cloud and hybrid environments

About the Exam

Exam AZ-500 focuses on the knowledge needed to manage Azure Active Directory identities; configure secure access with Azure AD; manage application access and access control; implement advanced network security; configure advanced security for compute; monitor security with Azure Monitor, Azure Firewall manager, Azure Security Center, Azure Defender, and Azure Sentinel; configure security policies; configure security for storage and databases; and configure and manage Key Vault.

About Microsoft Certification 

Passing this exam fulfills your requirements for the Microsoft Certified: Azure Security Engineer Associate credential, demonstrating your expertise as an Azure Security Engineer capable of maintaining security posture, identifying and remediating vulnerabilities, implementing threat protection, and responding to incident escalations as part of a cloud-based management and security team.

See: B08F5JHZJG

See also: Microsoft Certification Exams

Fair Use Source:

Categories
Cloud DevOps Linux Operating Systems

Tails Linux Operating System

The Amnesic Incognito Live System

Tails logo

Tails, or The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity.[4] All its incoming and outgoing connections are forced to go through Tor,[5] and any non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so. The Tor Project provided financial support for its development in the beginnings of the project.[6] Tails comes with UEFI Secure Boot.

History:

Tails was first released on 23 June 2009. It is the next iteration of development on Incognito, a discontinued Gentoo-based Linux distribution.[7] The Tor Project provided financial support for its development in the beginnings of the project.[6] Tails also received funding from the Open Technology FundMozilla, and the Freedom of the Press Foundation.[8]

Laura PoitrasGlenn Greenwald, and Barton Gellman have each said that Tails was an important tool they used in their work with National Security Agency whistleblower Edward Snowden.[9][10][11]

From release 3.0, Tails requires a 64-bit processor to run.[12]

Bundled software:

Networking

Note: Due to the fact that Tails includes uBlock Origin (compared to the normal Tor Browser Bundle), it could be subject to an attack to determine if the user is using Tails (since the userbase for Tails is less than the Tor Browser Bundle) by checking if the website is blocking advertising.[14] Although this can be avoided by disabling uBlock Origin.

(WP)

Sources:

Fair Use Sources:

Categories
Cloud DevOps Linux Operating Systems

Kali Linux Operating System

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing.[3] It is maintained and funded by Offensive Security.[4]

Kali Linux has around 600[5] pre-installed penetration-testing programs(tools), including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), metasploit (penetration testing framework, awarded as the best penetration testing software), John the Ripper (a password cracker), sqlmap (automatic SQL injection and database takeover tool), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP web application security scanners,[6][7] etc.

It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous information security testing Linux distribution based on Knoppix. Originally, it was designed with a focus on kernel auditing, from which it got its name Kernel Auditing Linux. The name is sometimes incorrectly assumed to come from Kali the Hindu goddess.[8][9] The third core developer, Raphaël Hertzog, joined them as a Debian expert.[10][11]

Kali Linux is based on the Debian Testing branch. Most packages Kali uses are imported from the Debian repositories.[12]

Kali Linux’s popularity grew when it was featured in multiple episodes of the TV series Mr. Robot. Tools highlighted in the show and provided by Kali Linux include Bluesniff, Bluetooth Scanner (btscanner), John the Ripper, Metasploit Framework, Nmap, Shellshock, and Wget.[13][14][15]

(WP)

Sources:

Fair Use Sources:

Categories
Hardware and Electronics History Networking

Juniper Networks

Return to Timeline of the History of Computers

Juniper Networks, Inc. is an American multinational corporation headquartered in Sunnyvale, California. The company develops and markets networking products, including routersswitchesnetwork management software, network security products, and software-defined networking technology.

The company was founded in 1996 by Pradeep Sindhu, with Scott Kriens as the first CEO, who remained until September 2008. Kriens has been credited with much of Juniper’s early market success.[4] It received several rounds of funding from venture capitalists and telecommunications companies before going public in 1999. Juniper grew to $673 million in annual revenues by 2000. By 2001 it had a 37% share of the core routers market, challenging Cisco‘s once-dominant market-share.[5][6] It grew to $4 billion in revenues by 2004 and $4.63 billion in 2014. Juniper appointed Kevin Johnson as CEO in 2008, Shaygan Kheradpir in 2013 and Rami Rahim in 2014.

Juniper Networks originally focused on core routers, which are used by internet service providers (ISPs) to perform IP address lookups and direct internet traffic. Through the acquisition of Unisphere, in 2002, the company entered the market for edge routers, which are used by ISPs to route internet traffic to individual consumers. In 2003, Juniper entered the IT security market with its own JProtect security toolkit before acquiring security company NetScreen Technologies the following year. In the early 2000s, Juniper entered the enterprise segment, which accounted for one-third of its revenues by 2005. As of 2014, Juniper has been focused on developing new software-defined networking products.

Fair Use Sources:

Categories
DevSecOps-Security-Privacy Software Engineering

Application Security Engineer

Application security engineer: “Sometimes called a “product security engineer” — a software engineer whose role is to evaluate and improve the security of an organization’s codebase and application architecture.” (B085FW7J86)

Fair Use Sources:

B085FW7J86

Categories
DevSecOps-Security-Privacy Software Engineering

Bug Bounty Hunter – Freelance Penetration Tester

Bug bounty hunter: “A freelance penetration tester. Often, large companies will create “responsible disclosure programs” that award cash prizes for reporting security holes. Some bug bounty hunters work full time, but often these are full-time professionals who participate outside of work for extra money.” (B085FW7J86)

Fair Use Sources:

B085FW7J86