DevSecOps for Azure : End-To-end Supply Chain Security for GitHub, Azure DevOps, and the Azure Cloud

DevSecOps for Azure End-To-end Supply Chain Security for GitHub, Azure DevOps, and the Azure Cloud

Gain holistic insights and practical expertise in embedding security within the DevOps pipeline, specifically tailored for Azure cloud environments Key Features Learn how to integrate security into Azure DevOps workflows for cloud infrastructure Find out how to integrate secure practices across all...

Descripción completa

Detalles Bibliográficos
Otros Autores: Okeyode, David, author (author), Kirui, Joylynn, author (writer of foreword), Hanselman, Scott, writer of foreword
Formato: Libro electrónico
Idioma:Inglés
Publicado: Birmingham, England : Packt Publishing Ltd [2024]
Edición:First edition
Materias:
Microsoft Azure (Computing platform) > Security measures.
Cloud computing > Security measures.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009845436706719
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright and Credits
  • Foreword
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Understanding DevOps and DevSecOps
  • Chapter 1: Agile, DevOps, and Azure Overview
  • Technical requirements
  • Defining DevOps - Understanding its concepts and practices
  • The why of DevOps - Innovation, velocity, and speed
  • Understanding the process aspect of DevOps
  • Understanding the five core practices of DevOps
  • Understanding the stages in a DevOps workflow
  • Understanding the people aspect of DevOps
  • The importance of a collaborative culture
  • Staying clear of DevOps anti-types
  • Understanding the product aspect of DevOps - The toolchain
  • The platform approach to DevOps tooling
  • An overview of the Azure DevOps platform
  • An overview of the GitHub platform
  • An overview of the GitLab platform
  • Azure services for the DevOps workflow
  • Agile, DevOps, and the Cloud - A perfect trio
  • Hands-on Exercise 1 - Creating an Azure subscription
  • Hands-On Exercise 2 - Creating an Azure DevOps organization (linked to your Azure AD tenant)
  • Hands-On Exercise 3 - Creating a GitHub Enterprise Cloud trial account
  • Summary
  • Further reading
  • Chapter 2: Security Challenges of the DevOps Workflow
  • Technical requirements
  • Security challenges of DevOps
  • Understanding the limitations of traditional security in a fast-paced DevOps world
  • Understanding how DevOps increases the attack surface
  • The case for DevSecOps
  • Understanding the cultural aspect of DevSecOps
  • Understanding the process aspect of DevSecOps
  • Considerations for selecting your DevSecOps toolchain
  • DevSecOps and supply chain security
  • Summary
  • Further reading
  • Part 2: Securing the Plan and Code Phases of DevOps
  • Chapter 3: Implementing Security in the Plan Phase of DevOps
  • Technical requirements.
  • Understanding DevSecOps in the planning phase
  • Understanding threat modeling and its benefits
  • Traditional threat modeling frameworks
  • Threat modeling in DevSecOps
  • Understanding the Mozilla RRA process
  • Hands-on exercise 1 - Provisioning the lab VM
  • Task 1 - Initializing the template deployment to Azure
  • Task 2 - Connecting to the lab VM using Azure Bastion
  • Hands-on exercise 2 - Performing threat modeling of an e-commerce application
  • Task 1 - Downloading and installing the Microsoft Threat Modeling Tool
  • Task 2 - Creating a threat model diagram for the eShop application
  • Task 3 - Running a threat analysis on the model
  • Implementing continuous code-to-cloud security training
  • Summary
  • Further reading
  • Chapter 4: Implementing Pre-Commit Security Controls
  • Technical requirements
  • Overview of the pre-commit coding phase of DevOps
  • Understanding the developer environment options
  • Understanding the security categories in the pre-commit phase
  • Securing the development environment
  • Risk 1 - IDE vulnerability risks
  • Risk 2 - Malicious and vulnerable IDE extensions
  • Risk 3 - Working with untrusted code
  • Risk 4 - Compromised IDE source code
  • Additional thoughts on hardening of the development environment
  • Addressing common development security mistakes
  • Risk 1 - Addressing in-house code vulnerability risk
  • Risk 2 - Open source component risk
  • Risk 3 - Exposed secret risk
  • Choosing the right developer-first security tooling
  • Hands-on exercise 1 - Performing code review, dependency checks, and secret scanning on the IDE
  • Task 1 - Connecting to the lab VM using Azure Bastion
  • Task 2 - Configuring Snyk on Visual Studio Code
  • Task 3 - Importing eShopOnWeb to your Visual Studio Code workspace
  • Hands-on exercise 2 - Installing and configuring Git pre-commit hooks on the IDE.
  • Task 1 - Installing pre-commit framework on Visual Studio Code
  • Task 2 - Configuring detect-private key and detect-secrets pre-commit hooks on Visual Studio Code
  • Summary
  • Chapter 5: Implementing Source Control Security
  • Technical requirements
  • Understanding the post-commit phase of DevOps
  • Understanding the security measures in the source control management phase
  • Securing the source code management environment
  • Managing code repositories securely
  • Recommendation 1 - Ensuring repository creation is limited to specific members
  • Recommendation 2 - Ensuring sensitive repository operations are limited to specific members
  • Recommendation 3 - Ensuring inactive repositories are reviewed and archived periodically
  • Recommendation 4 - Repositories should be created with auditing enabled
  • Addressing common coding security issues in source control
  • Understanding GitHub code security
  • Recommendation 1 - Implementing dependency tracking in source control
  • Recommendation 2 - Implementing dependency vulnerability assessment and management in source control
  • Recommendation 3 - Implementing an open source license compliance scan
  • Recommendation 4 - Implementing secret protection in source control
  • Hands-on exercise - Performing pre-receive checks and dependency reviews
  • Task 1 - Enabling push protection on Azure DevOps
  • Task 2 - Enabling push protection on GitHub
  • Task 3 - Reviewing dependencies on GitHub
  • Summary
  • Part 3: Securing the Build, Test, Release, and Operate Phases of DevOps
  • Chapter 6: Implementing Security in the Build Phase of DevOps
  • Technical requirements
  • Understanding the continuous build and test phases of DevOps
  • Understanding build system options
  • Understanding the security measures in the build phase
  • Securing CI environments and processes
  • Securing the build services and workers.
  • Securing the build workers
  • Implementing secure access to build environments and workers
  • Protecting the build environment from malicious code executions
  • Addressing common coding security issues
  • Implementing the Microsoft Security DevOps extension
  • Integrating GitHub Advanced Security code-scanning capabilities into pipelines
  • Integrating GHAS dependency-scanning capabilities into pipelines
  • Hands-on exercises - Integrating security within the build phase
  • Prerequisites
  • Exercise 1 - Integrating SAST, SCA, and secret scanning into the build process
  • Exercise 2 - Onboarding your DevOps platforms to DevOps Security in Microsoft Defender for Cloud
  • Summary
  • Chapter 7: Implementing Security in the Test and Release Phases of DevOps
  • Technical requirements
  • Understanding the continuous deployment phase of DevOps
  • Protecting release artifacts in the release phase
  • Ensuring that release artifacts are built from protected branches
  • Implementing a code review process
  • Selecting secure artifact sources
  • Implementing artifact signing for integrity checks
  • Managing secrets securely in the release phase
  • Implementing auditing for the CI/CD environment
  • Implementing security gates in release pipelines
  • Implementing DAST as security gates
  • Challenges of implementing DAST in a DevOps process
  • Implementing security gates in Azure Pipelines and GitHub Actions
  • Hands-on exercise - Integrating security within the build and test phases
  • Prerequisites
  • Task 1 - Implementing artifact signing for integrity checks
  • Task 2 - Integrating DAST tools to find and fix security vulnerabilities in the TEST phase
  • Summary
  • Chapter 8: Continuous Security Monitoring on Azure
  • Technical requirements
  • Understanding continuous monitoring in DevOps.
  • Understanding the interconnected risks of Azure and cloud-native applications
  • Securing an application runtime environment
  • Implementing runtime security gates to stop critical risks
  • Implementing runtime security gates using Azure Policy
  • Implementing runtime security gates using the Kubernetes admission controller
  • Implementing continuous security monitoring for runtime environments
  • Protecting applications at runtime in Azure
  • The challenges of runtime protection in modern cloud environments
  • Protecting applications running in Azure App Service
  • Protecting serverless workloads at runtime in Azure
  • Protecting container workloads in Azure
  • Hands-on exercise - Continuous security monitoring on Azure
  • Task 1 - Implementing and operationalizing CSPM
  • Task 2 - Implementing and operationalizing continuous container workload protection
  • Summary
  • Further reading
  • Index
  • Other Books You May Enjoy.

Ejemplares similares