Security as Code: DevSecOps Patterns with AWS
BK Sarthak Das; Virginia Chu
O'Reilly Media, Incorporated; O'Reilly Media, 1, PS, 2023
English [en] · PDF · 3.3MB · 2023 · 📘 Book (non-fiction) · 🚀/lgli/lgrs/nexusstc/zlib
Description
DevOps engineers, developers, and security engineers have ever-changing roles to play in today's cloud native world. In order to build secure and resilient applications, you have to be equipped with security knowledge. Enter security as code.
In this book, authors BK Sarthak Das and Virginia Chu demonstrate how to use this methodology to secure any application and infrastructure you want to deploy. With Security as Code, you'll learn how to create a secure containerized application with Kubernetes using CI/CD tooling from AWS and open source providers.
This practical book also provides common patterns and methods to securely develop infrastructure for resilient and highly available backups that you can restore with just minimal manual intervention.
• Learn the tools of the trade, using Kubernetes and the AWS Code Suite
• Set up infrastructure as code and run scans to detect misconfigured resources in your code
• Create secure logging patterns with CloudWatch and other tools
• Restrict system access to authorized users with role-based access control (RBAC)
• Inject faults to test the resiliency of your application with AWS Fault Injector or open source tooling
• Learn how to pull everything together into one deployment
Alternative filename
lgli/OReilly.Security.as.Code.DevSecOps.Patterns.with.AWS.1098127463.pdf
Alternative filename
lgrsnf/OReilly.Security.as.Code.DevSecOps.Patterns.with.AWS.1098127463.pdf
Alternative filename
zlib/no-category/BK Sarthak Das, Virginia Chu/Security as Code: DevSecOps Patterns with AWS_24575509.pdf
Alternative author
Das, BK Sarthak; Chu, Virginia
Alternative author
B. K. Sarthak Das
Alternative edition
United States, United States of America
Alternative edition
O'Reilly Media, Sebastopol, CA, 2023
Alternative edition
First edition, Beijing, 2023
Alternative edition
Amsterdam, 2023
Alternative edition
Boston, 2023
Metadata comments
Publisher's PDF
Metadata comments
{"content":{"parsed_at":1697509983,"source_extension":"epub"},"edition":"1","isbns":["1098127404","1098127439","1098127463","9781098127404","9781098127435","9781098127466"],"last_page":119,"publisher":"O'Reilly Media"}
Alternative description
Cover
Copyright
Table of Contents
Preface
Who Is This Book For?
What Do You Need To Get Started?
What’s in This Book?
Conventions Used in This Book
Using Code Examples
O’Reilly Online Learning
How to Contact Us
Acknowledgments
Chapter 1. Introduction to DevSecOps
Before DevOps: The Software Development Life Cycle
What Is DevSecOps?
Introducing Automatoonz
Cloud Infrastructure: Secure by Default
Move Fast, Secure Fast: The Importance of Automation
DevSecOps Culture
Summary
Chapter 2. Setting Up Your Environment
What You’ll Need
Installing and Verifying Your Setup
Installing the AWS CLI
Installing the Docker Engine
Checking Your Python Version
Installing Git
Installing Kubernetes
Creating Your First Bare-Bones Pipeline
Summary
Chapter 3. Securing Your Infrastructure
What Makes Infrastructure Secure?
Hands Off! Preventing Unwanted Access with IAM Permissions
Detecting Misconfigurations
Identifying a Standard
Threat Modeling
Security Controls
Better Than a Cure: Implementing Preventive Controls
Implementation
Summary
Chapter 4. Logging and Monitoring
What Are Logging and Monitoring—and Why Do They Matter?
Attack Styles
Advanced Persistent Threat Attacks
Ransomware Strains
Passive and Active Attacks
Log Types
Log Storage
Detecting Anomalies
Remediation with AWS Config
Correlating User Activity with CloudTrail
Network Monitoring with an Amazon VPC
Summary
Chapter 5. Controlling Access Through Automation
The Principle of Least Privilege
Fine-Tuning Access Controls
Use a Tagging System
Clarify Team Responsibilities
Prevent and Detect
The IAM Pipeline
Summary
Chapter 6. Fault Injection Test
Distributed Systems
Adaptive Security Controls
The True Cost of Downtime
Methods for Minimizing Downtime
Chaos Engineering
Basic Principles
Advanced Principles
Chaos Engineering in AWS Environments
Chaos Engineering at Automatoonz
AWS Fault Injection Simulator Experiment Examples
Kubernetes Pod Stress Testing
Throttling EC2 API Calls
Stress Testing the CPU on an EC2 Instance
Terminating an EC2 Instance
Removing Ingress and Egress Rules from a Security Group
Detaching an EBS Volume from an EC2 Instance
Summary
Chapter 7. People and Processes
People: Team Structures and Roles
Security Engineers
Developers
Compliance Team
Product Manager
Team Structure
Processes: Practices and Communication
Communicate to the Right People, Consistently
Make Product Owners Accountable for Their Security Findings
Build Threat Modeling into Your Processes
Build Roadmaps to Reach Your DevSecOps Goals
What Next?
Summary
Index
About the Authors
Colophon
Date open sourced
2023-02-18