Implementing DevSecOps Practices: Supercharge Your Software Security with DevSecOps Excellence
Main Author: | |
---|---|
Format: | Electronic E-Book |
Language: | English |
Published: | Birmingham : Packt Publishing, Limited, 2023 |
Edition: | 1st ed |
Subjects: | |
Online Access: | DE-2070s |
Description: | Description based on publisher supplied metadata and other sources |
Description: | 1 online resource (258 pages) |
ISBN: | 9781803234434 |
Internal format
MARC
LEADER | 00000nmm a2200000zc 4500 | ||
---|---|---|---|
001 | BV049871457 | ||
003 | DE-604 | ||
007 | cr|uuu---uuuuu | ||
008 | 240918s2023 |||| o||u| ||||||eng d | ||
020 | |a 9781803234434 |9 978-1-80323-443-4 | ||
035 | |a (ZDB-30-PQE)EBC30977903 | ||
035 | |a (ZDB-30-PAD)EBC30977903 | ||
035 | |a (ZDB-89-EBL)EBL30977903 | ||
035 | |a (OCoLC)1411307337 | ||
035 | |a (DE-599)BVBBV049871457 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-2070s | ||
082 | 0 | |a 005.8 | |
100 | 1 | |a Sehgal, Vandana Verma |e Verfasser |4 aut | |
245 | 1 | 0 | |a Implementing DevSecOps Practices |b Supercharge Your Software Security with DevSecOps Excellence |
250 | |a 1st ed | ||
264 | 1 | |a Birmingham |b Packt Publishing, Limited |c 2023 | |
264 | 4 | |c ©2023 | |
300 | |a 1 Online-Ressource (258 Seiten) | ||
336 | |b txt |2 rdacontent | ||
337 | |b c |2 rdamedia | ||
338 | |b cr |2 rdacarrier | ||
500 | |a Description based on publisher supplied metadata and other sources | ||
505 | 8 | |a Cover -- Title Page -- Copyright and Credits -- Dedicated -- Contributors -- Table of Contents -- Preface -- Part 1: DevSecOps - What and How? -- Chapter 1: Introducing DevSecOps -- Product development processes -- The Waterfall model -- The Agile methodology -- Understanding the shift from DevOps to DevSecOps -- The new processes within DevSecOps -- DevSecOps maturity levels -- Maturity level 1 -- Maturity level 2 -- Maturity level 3 -- Maturity level 4 -- KPIs -- DevSecOps - the people aspect -- Summary -- Think and act -- Part 2: DevSecOps Principles and Processes -- Chapter 2: DevSecOps Principles -- DevSecOps principles -- Unifying the CI/CD pipeline -- Fail fast -- Automation and innovation in DevSecOps -- Introducing compliance checks -- Empowering teams to make decisions -- Cross-skilling and educating teams and the cultural aspect approach -- Proper documentation -- Relevant checkpoints -- Building and managing secure Dev environments and toolchains -- Challenges within the DevSecOps pipeline that principles can resolve -- Continuous application changes -- The developer knowledge gap -- Lack of AppSec tool integration -- Summary -- Chapter 3: Understanding the Security Posture -- Understanding your security posture -- Regular meetings -- Managing pipelines -- Testing pipelines -- Tools involved in pipelines -- Why and what measures we take to secure the environment -- Building the vulnerabilities inventory -- Addressing vulnerabilities -- Parameters to define the security posture -- Discovering the third-party component -- Measuring the effectiveness of the technologies used -- Managing workflows -- What measures can we take to monitor an environment? -- A positive way toward the cloud-native world -- Cloud-native architectures -- Provisioning and configuring infrastructure -- Automating controls -- Securing the toolchains | |
505 | 8 | |a Where does security stand in the whole development process? -- Compliance and audit -- Multi-cloud security -- Monitoring -- Incident response -- Developer tools -- Vulnerability management -- Summary -- Chapter 4: Understanding Observability -- Why do we need observability? -- The key functions of observability -- Linking observability with monitoring -- Exploring the monitoring process -- Implementing observability with monitoring -- Challenges around observability -- Making organizations observable -- Summary -- Chapter 5: Understanding Chaos Engineering -- Introducing chaos engineering -- Why do we need chaos engineering? -- Best practices while working with chaos engineering -- Techniques involved in chaos engineering -- Specific systems and services that organizations use for chaos engineering -- Measuring the effectiveness of performing chaos engineering -- Tools involved in chaos engineering -- Basic principles of chaos engineering -- Team communication strategies while performing chaos engineering experiments -- Developing robust chaos engineering practice from failures -- Challenges around chaos engineering -- How chaos engineering is different from other testing measures -- Summary -- Part 3: Technology -- Chapter 6: Continuous Integration and Continuous Deployment -- What is a CI/CD pipeline? -- CI -- CD - continuous delivery and continuous deployment -- The benefits of CI/CD -- Automating the CI/CD pipeline -- Source control -- Automated builds -- Continuous testing -- Artifact storing -- Deployment automation -- Environment consistency -- Monitoring and feedback -- Rollbacks -- The importance of a CI/CD pipeline -- Summary -- Chapter 7: Threat Modeling -- What is threat modeling? -- The importance of threat modeling in the software development lifecycle -- Why should we perform threat modeling? -- Threat modeling techniques | |
505 | 8 | |a Integrating threat modeling into DevSecOps -- Pre-development phase -- Design phase -- Development phase -- Testing phase -- Deployment phase -- Open source threat modeling tools -- How threat modeling tools help organizations -- Reasons some organizations don't use threat modeling -- Summary -- Chapter 8: Software Composition Analysis (SCA) -- What is SCA? -- How does SCA work? -- SCA tools and their functionalities -- The importance of SCA -- The benefits of SCA -- SAST versus SCA -- The SCA process -- SCA metrics -- Integrating SCA with other security tools -- Resolving the issues without breaking the build -- Detection of security flaws -- Open source SCA tools -- Discussing past breaches -- Summary -- Chapter 9: Static Application Security Testing -- Introduction -- What is SAST? -- SAST tools and their functionalities -- Identifying vulnerabilities early in the development process -- The SAST process -- SAST metrics -- Integrating SAST with other security tools -- Resolving issues without breaking the build -- The benefits of SAST -- The limitations of SAST -- Open source SAST tools -- Case study 1 -- Case study 2 -- Loss due to not following the SAST process -- Summary -- Chapter 10: Infrastructure-as-Code (IaC) Scanning -- What is IaC? -- The importance of IaC scanning -- IaC toolset functionalities -- Advantages and disadvantages of IaC -- Identifying vulnerabilities using IaC -- What is the IaC process? -- IaC metrics -- IaC versus SAST -- IaC security best practices -- IaC in DevSecOps -- Understanding DevSecOps -- The role of IaC in DevSecOps -- The DevSecOps process with IaC -- Key benefits -- Challenges and mitigation -- Conclusion and future outlook -- Open source IaC tools -- Case study 1 - the Codecov security incident -- Case study 2 - Capital One data breach -- Case study 3 - Netflix environment improvement -- Summary | |
505 | 8 | |a Chapter 11: Dynamic Application Security Testing (DAST) -- What is DAST? -- Advantages and limitations of DAST -- The DAST process -- DAST usage for developers -- DAST usage for security testers -- The importance of DAST in secure development environments -- Incorporating DAST into the application development life cycle -- Advanced DAST techniques -- Choosing the right DAST tool -- How to perform a DAST scan in an organization -- Integrating DAST with other security tools -- Incorporating DAST into DevOps processes -- Prioritizing and remediating vulnerabilities -- Comparing DAST with other security testing approaches -- SAST -- IAST -- RASP -- The future of DAST -- Summary -- Part 4: Tools -- Chapter 12: Setting Up a DevSecOps Program with Open Source Tools -- Techniques used in setting up the program -- Understanding DevSecOps -- Setting up the CI/CD pipeline -- The technicalities of setting up a CI/CD pipeline -- Implementing security controls -- Identifying open source security tools -- Implementing security policies and procedures -- Managing DevSecOps in production -- Monitoring and managing the DevSecOps pipeline in production -- Using open source tools for monitoring, logging, and alerting -- Incorporating continuous compliance and auditing into the pipeline -- Managing incidents and responding to security breaches -- The benefits of the program -- Summary -- Part 5: Governance and an Effective Security Champions Program -- Chapter 13: License Compliance, Code Coverage, and Baseline Policies -- DevSecOps and its relevance to license compliance -- The distinction between traditional licenses and security implications -- Source code access -- Modification and redistribution -- Community oversight -- Vendor dependency -- Cost and resource allocation -- Different types of software licenses -- Permissive licenses (MIT, Apache) | |
505 | 8 | |a Copyleft licenses (GPL, LGPL) -- Proprietary licenses -- The impact of software licenses on the DevSecOps pipeline -- How to perform license reviews -- Tools and techniques -- Engaging legal and security teams -- Documentation and continuous improvement -- Fine-tuning policies associated with licenses -- Establishing an organizational standard -- Exception handling -- Continuous review and improvement -- Case studies -- Case study 1 - the Redis licensing change -- Case study 2 - Elastic versus AWS licensing drama -- Summary -- Chapter 14: Setting Up a Security Champions Program -- The Security Champions program -- Structuring your Security Champions program -- Things to remember before setting up the program -- Who should be a Security Champion? -- How a Security Champions program would look -- The top benefits of starting a Security Champions program -- What does a Security Champion do? -- Security Champions program - why do you need it? -- Shared responsibility models -- The roles of different teams -- Buy-in from the executive -- The importance of executive buy-in -- How to secure executive buy-in -- Measuring the effect of the Security Champions program -- Technical aspects to check the effectiveness of the Security Champions program -- Strategic aspects to check the effectiveness of the Security Champions program -- Summary -- Part 6: Case Studies and Conclusion -- Chapter 15: Case Studies -- Case study 1 - FinTech Corporation -- Challenges faced before implementing DevSecOps -- Steps were taken to transition to DevSecOps -- Results and impact on the company's software development -- Lessons learned -- Case study 2 - Verma Enterprises -- Challenges faced by the organization in terms of security -- Implementation of DevSecOps practices and tools -- Results and benefits achieved -- Case study 3 - HealthPlus | |
505 | 8 | |a The importance of security in healthcare data and systems | |
650 | 4 | |a Computer networks-Access control | |
650 | 4 | |a Computer networks-Security measures | |
650 | 4 | |a Information technology-Management | |
776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe |a Sehgal, Vandana Verma |t Implementing DevSecOps Practices |d Birmingham : Packt Publishing, Limited,c2023 |
912 | |a ZDB-30-PQE | ||
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-035210931 | |
966 | e | |u https://ebookcentral.proquest.com/lib/hwr/detail.action?docID=30977903 |l DE-2070s |p ZDB-30-PQE |q HWR_PDA_PQE |x Aggregator |3 Volltext |
Record in the search index
_version_ | 1810527638292267008 |
---|---|
adam_text | |
any_adam_object | |
author | Sehgal, Vandana Verma |
author_facet | Sehgal, Vandana Verma |
author_role | aut |
author_sort | Sehgal, Vandana Verma |
author_variant | v v s vv vvs |
building | Verbundindex |
bvnumber | BV049871457 |
collection | ZDB-30-PQE |
ctrlnum | (ZDB-30-PQE)EBC30977903 (ZDB-30-PAD)EBC30977903 (ZDB-89-EBL)EBL30977903 (OCoLC)1411307337 (DE-599)BVBBV049871457 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
edition | 1st ed |
format | Electronic eBook |
id | DE-604.BV049871457 |
illustrated | Not Illustrated |
indexdate | 2024-09-18T10:01:47Z |
institution | BVB |
isbn | 9781803234434 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-035210931 |
oclc_num | 1411307337 |
open_access_boolean | |
owner | DE-2070s |
owner_facet | DE-2070s |
physical | 1 Online-Ressource (258 Seiten) |
psigel | ZDB-30-PQE ZDB-30-PQE HWR_PDA_PQE |
publishDate | 2023 |
publishDateSearch | 2023 |
publishDateSort | 2023 |
publisher | Packt Publishing, Limited |
record_format | marc |
spelling | Sehgal, Vandana Verma Verfasser aut Implementing DevSecOps Practices Supercharge Your Software Security with DevSecOps Excellence 1st ed Birmingham Packt Publishing, Limited 2023 ©2023 1 Online-Ressource (258 Seiten) txt rdacontent c rdamedia cr rdacarrier Description based on publisher supplied metadata and other sources Cover -- Title Page -- Copyright and Credits -- Dedicated -- Contributors -- Table of Contents -- Preface -- Part 1: DevSecOps - What and How? -- Chapter 1: Introducing DevSecOps -- Product development processes -- The Waterfall model -- The Agile methodology -- Understanding the shift from DevOps to DevSecOps -- The new processes within DevSecOps -- DevSecOps maturity levels -- Maturity level 1 -- Maturity level 2 -- Maturity level 3 -- Maturity level 4 -- KPIs -- DevSecOps - the people aspect -- Summary -- Think and act -- Part 2: DevSecOps Principles and Processes -- Chapter 2: DevSecOps Principles -- DevSecOps principles -- Unifying the CI/CD pipeline -- Fail fast -- Automation and innovation in DevSecOps -- Introducing compliance checks -- Empowering teams to make decisions -- Cross-skilling and educating teams and the cultural aspect approach -- Proper documentation -- Relevant checkpoints -- Building and managing secure Dev environments and toolchains -- Challenges within the DevSecOps pipeline that principles can resolve -- Continuous application changes -- The developer knowledge gap -- Lack of AppSec tool integration -- Summary -- Chapter 3: Understanding the Security Posture -- Understanding your security posture -- Regular meetings -- Managing pipelines -- Testing pipelines -- Tools involved in pipelines -- Why and what measures we take to secure the environment -- Building the vulnerabilities inventory -- Addressing vulnerabilities -- Parameters to define the security posture -- Discovering the third-party component -- Measuring the effectiveness of the technologies used -- Managing workflows -- What measures can we take to 
monitor an environment? -- A positive way toward the cloud-native world -- Cloud-native architectures -- Provisioning and configuring infrastructure -- Automating controls -- Securing the toolchains Where does security stand in the whole development process? -- Compliance and audit -- Multi-cloud security -- Monitoring -- Incident response -- Developer tools -- Vulnerability management -- Summary -- Chapter 4: Understanding Observability -- Why do we need observability? -- The key functions of observability -- Linking observability with monitoring -- Exploring the monitoring process -- Implementing observability with monitoring -- Challenges around observability -- Making organizations observable -- Summary -- Chapter 5: Understanding Chaos Engineering -- Introducing chaos engineering -- Why do we need chaos engineering? -- Best practices while working with chaos engineering -- Techniques involved in chaos engineering -- Specific systems and services that organizations use for chaos engineering -- Measuring the effectiveness of performing chaos engineering -- Tools involved in chaos engineering -- Basic principles of chaos engineering -- Team communication strategies while performing chaos engineering experiments -- Developing robust chaos engineering practice from failures -- Challenges around chaos engineering -- How chaos engineering is different from other testing measures -- Summary -- Part 3: Technology -- Chapter 6: Continuous Integration and Continuous Deployment -- What is a CI/CD pipeline? -- CI -- CD - continuous delivery and continuous deployment -- The benefits of CI/CD -- Automating the CI/CD pipeline -- Source control -- Automated builds -- Continuous testing -- Artifact storing -- Deployment automation -- Environment consistency -- Monitoring and feedback -- Rollbacks -- The importance of a CI/CD pipeline -- Summary -- Chapter 7: Threat Modeling -- What is threat modeling? 
-- The importance of threat modeling in the software development lifecycle -- Why should we perform threat modeling? -- Threat modeling techniques Integrating threat modeling into DevSecOps -- Pre-development phase -- Design phase -- Development phase -- Testing phase -- Deployment phase -- Open source threat modeling tools -- How threat modeling tools help organizations -- Reasons some organizations don't use threat modeling -- Summary -- Chapter 8: Software Composition Analysis (SCA) -- What is SCA? -- How does SCA work? -- SCA tools and their functionalities -- The importance of SCA -- The benefits of SCA -- SAST versus SCA -- The SCA process -- SCA metrics -- Integrating SCA with other security tools -- Resolving the issues without breaking the build -- Detection of security flaws -- Open source SCA tools -- Discussing past breaches -- Summary -- Chapter 9: Static Application Security Testing -- Introduction -- What is SAST? -- SAST tools and their functionalities -- Identifying vulnerabilities early in the development process -- The SAST process -- SAST metrics -- Integrating SAST with other security tools -- Resolving issues without breaking the build -- The benefits of SAST -- The limitations of SAST -- Open source SAST tools -- Case study 1 -- Case study 2 -- Loss due to not following the SAST process -- Summary -- Chapter 10: Infrastructure-as-Code (IaC) Scanning -- What is IaC? -- The importance of IaC scanning -- IaC toolset functionalities -- Advantages and disadvantages of IaC -- Identifying vulnerabilities using IaC -- What is the IaC process? 
-- IaC metrics -- IaC versus SAST -- IaC security best practices -- IaC in DevSecOps -- Understanding DevSecOps -- The role of IaC in DevSecOps -- The DevSecOps process with IaC -- Key benefits -- Challenges and mitigation -- Conclusion and future outlook -- Open source IaC tools -- Case study 1 - the Codecov security incident -- Case study 2 - Capital One data breach -- Case study 3 - Netflix environment improvement -- Summary Chapter 11: Dynamic Application Security Testing (DAST) -- What is DAST? -- Advantages and limitations of DAST -- The DAST process -- DAST usage for developers -- DAST usage for security testers -- The importance of DAST in secure development environments -- Incorporating DAST into the application development life cycle -- Advanced DAST techniques -- Choosing the right DAST tool -- How to perform a DAST scan in an organization -- Integrating DAST with other security tools -- Incorporating DAST into DevOps processes -- Prioritizing and remediating vulnerabilities -- Comparing DAST with other security testing approaches -- SAST -- IAST -- RASP -- The future of DAST -- Summary -- Part 4: Tools -- Chapter 12: Setting Up a DevSecOps Program with Open Source Tools -- Techniques used in setting up the program -- Understanding DevSecOps -- Setting up the CI/CD pipeline -- The technicalities of setting up a CI/CD pipeline -- Implementing security controls -- Identifying open source security tools -- Implementing security policies and procedures -- Managing DevSecOps in production -- Monitoring and managing the DevSecOps pipeline in production -- Using open source tools for monitoring, logging, and alerting -- Incorporating continuous compliance and auditing into the pipeline -- Managing incidents and responding to security breaches -- The benefits of the program -- Summary -- Part 5: Governance and an Effective Security Champions Program -- Chapter 13: License Compliance, Code Coverage, and Baseline Policies -- DevSecOps and its relevance to license 
compliance -- The distinction between traditional licenses and security implications -- Source code access -- Modification and redistribution -- Community oversight -- Vendor dependency -- Cost and resource allocation -- Different types of software licenses -- Permissive licenses (MIT, Apache) Copyleft licenses (GPL, LGPL) -- Proprietary licenses -- The impact of software licenses on the DevSecOps pipeline -- How to perform license reviews -- Tools and techniques -- Engaging legal and security teams -- Documentation and continuous improvement -- Fine-tuning policies associated with licenses -- Establishing an organizational standard -- Exception handling -- Continuous review and improvement -- Case studies -- Case study 1 - the Redis licensing change -- Case study 2 - Elastic versus AWS licensing drama -- Summary -- Chapter 14: Setting Up a Security Champions Program -- The Security Champions program -- Structuring your Security Champions program -- Things to remember before setting up the program -- Who should be a Security Champion? -- How a Security Champions program would look -- The top benefits of starting a Security Champions program -- What does a Security Champion do? -- Security Champions program - why do you need it? 
-- Shared responsibility models -- The roles of different teams -- Buy-in from the executive -- The importance of executive buy-in -- How to secure executive buy-in -- Measuring the effect of the Security Champions program -- Technical aspects to check the effectiveness of the Security Champions program -- Strategic aspects to check the effectiveness of the Security Champions program -- Summary -- Part 6: Case Studies and Conclusion -- Chapter 15: Case Studies -- Case study 1 - FinTech Corporation -- Challenges faced before implementing DevSecOps -- Steps were taken to transition to DevSecOps -- Results and impact on the company's software development -- Lessons learned -- Case study 2 - Verma Enterprises -- Challenges faced by the organization in terms of security -- Implementation of DevSecOps practices and tools -- Results and benefits achieved -- Case study 3 - HealthPlus The importance of security in healthcare data and systems Computer networks-Access control Computer networks-Security measures Information technology-Management Erscheint auch als Druck-Ausgabe Sehgal, Vandana Verma Implementing DevSecOps Practices Birmingham : Packt Publishing, Limited,c2023 |
title | Implementing DevSecOps Practices Supercharge Your Software Security with DevSecOps Excellence |
title_auth | Implementing DevSecOps Practices Supercharge Your Software Security with DevSecOps Excellence |
title_exact_search | Implementing DevSecOps Practices Supercharge Your Software Security with DevSecOps Excellence |
title_full | Implementing DevSecOps Practices Supercharge Your Software Security with DevSecOps Excellence |
title_fullStr | Implementing DevSecOps Practices Supercharge Your Software Security with DevSecOps Excellence |
title_full_unstemmed | Implementing DevSecOps Practices Supercharge Your Software Security with DevSecOps Excellence |
title_short | Implementing DevSecOps Practices |
title_sort | implementing devsecops practices supercharge your software security with devsecops excellence |
title_sub | Supercharge Your Software Security with DevSecOps Excellence |
topic | Computer networks-Access control Computer networks-Security measures Information technology-Management |
topic_facet | Computer networks-Access control Computer networks-Security measures Information technology-Management |
work_keys_str_mv | AT sehgalvandanaverma implementingdevsecopspracticessuperchargeyoursoftwaresecuritywithdevsecopsexcellence |