Security as Code
DevSecOps Patterns with AWS
by BK Sarthak Das, Virginia Chu
DescriptionTable of ContentsDetailsHashtagsReport an issue
In this book, authors BK Sarthak Das and Virginia Chu demonstrate how to use this methodology to secure any application and infrastructure you want to deploy. With Security as Code, you'll learn how to create a secure containerized application with Kubernetes using CI/CD tooling from AWS and open source providers.
This practical book also provides common patterns and methods to securely develop infrastructure for resilient and highly available backups that you can restore with just minimal manual intervention.
- Learn the tools of the trade, using Kubernetes and the AWS Code Suite.
- Set up infrastructure as code and run scans to detect misconfigured resources in your code.
- Create secure logging patterns with CloudWatch and other tools.
- Restrict system access to authorized users with role-based access control (RBAC).
- Inject faults to test the resiliency of your application with AWS Fault Injector or open source tooling.
- Learn how to pull everything together into one deployment. 
Book Description
DevOps engineers, developers, and security engineers have ever-changing roles to play in today's cloud native world. In order to build secure and resilient applications, you have to be equipped with security knowledge. Enter security as code.In this book, authors BK Sarthak Das and Virginia Chu demonstrate how to use this methodology to secure any application and infrastructure you want to deploy. With Security as Code, you'll learn how to create a secure containerized application with Kubernetes using CI/CD tooling from AWS and open source providers.
This practical book also provides common patterns and methods to securely develop infrastructure for resilient and highly available backups that you can restore with just minimal manual intervention.
- Learn the tools of the trade, using Kubernetes and the AWS Code Suite.
- Set up infrastructure as code and run scans to detect misconfigured resources in your code.
- Create secure logging patterns with CloudWatch and other tools.
- Restrict system access to authorized users with role-based access control (RBAC).
- Inject faults to test the resiliency of your application with AWS Fault Injector or open source tooling.
- Learn how to pull everything together into one deployment.
This open access book is Complimented by Nginx. You can download Security as Code ebook for free in PDF format (3.3 MB).
Table of Contents
Chapter 1
Introduction to DevSecOps
Chapter 2
Setting Up Your Environment
Chapter 3
Securing Your Infrastructure
Chapter 4
Logging and Monitoring
Chapter 5
Controlling Access Through Automation
Chapter 6
Fault Injection Test
Chapter 7
People and Processes
Book Details
Title
Security as Code
Subject
Computer Science
Publisher
O'Reilly Media
Published
2023
Pages
122
Edition
1
Language
English
ISBN13 Digital
9781098127466
ISBN10 Digital
1098127463
PDF Size
3.3 MB
License
Compliments of Nginx
Related Books
Node.js is a popular open-source runtime environment that can execute JavaScript outside of the browser. The Node runtime is commonly used for back-end web development, leveraging its asynchronous capabilities to create networking applications and web servers. Node is also a popular choice for building command line tools.
In this book, you will ...
For cloud users and providers alike, security is an everyday concern, yet there are very few books covering cloud security as a main subject. This book will help address this information gap from an Information Technology solution and usage-centric view of cloud infrastructure security. The book highlights the fundamental technology components nece...
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs - the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team ...
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.
Andrew Hoffman, a senior security engineer at Salesforce, intro...
This open book discusses the current role of smallholders in connection with food security and poverty reduction in developing countries. It addresses the opportunities they enjoy, and the constraints they face, by analysing the availability, access to and utilization of production factors.Due to the relevance of smallholder farms, enhancing their ...
This is a chapter from The Criminal Act: The Role and Influence of Routine Activity Theory edited by Martin A. Andresen and Graham Farrell. Target suitability is a cornerstone of Marcus Felson's routine activities approach, and critical in determining crime rates. Recent research identifies reduced target suitability, via improved security, as...