Accés lliure
Accés lliure

Tabla de Contenidos: “…-- CVSS -- Common Weakness Enumeration -- Known Exploited Vulnerabilities -- CVE, CWE, and KEV -- What we're up against -- Prioritizing your remediations -- CISA's KEV Catalog -- CVSS metric - Attack Vector -- CVSS metric - Attack Complexity -- CVSS metric - Privileges Required -- CVE priority -- Starting with vulnerability scans -- Making it fun -- In the cloud -- Securing your code -- IaC -- SAST -- DAST -- IAST -- Software composition analysis -- OWASP -- Summary -- Chapter 9: Asset Inventory -- Asset inventory -- Identifying your assets -- What is the NIST definition of asset inventory? …”

Tabla de Contenidos: “…-- Advantages and limitations of DAST -- The DAST process -- DAST usage for developers -- DAST usage for security testers -- The importance of DAST in secure development environments -- Incorporating DAST into the application development life cycle -- Advanced DAST techniques -- Choosing the right DAST tool -- How to perform a DAST scan in an organization -- Integrating DAST with other security tools -- Incorporating DAST into DevOps processes -- Prioritizing and remediating vulnerabilities -- Comparing DAST with other security testing approaches -- SAST -- IAST -- RASP -- The future of DAST -- Summary -- Part 4: Tools -- Chapter 12: Setting Up a DevSecOps Program with Open Source Tools -- Techniques used in setting up the program -- Understanding DevSecOps -- Setting up the CI/CD pipeline -- The technicalities of setting up a CI/CD pipeline -- Implementing security controls -- Identifying open source security tools -- Implementing security policies and procedures -- Managing DevSecOps in production -- Monitoring and managing the DevSecOps pipeline in production -- Using open source tools for monitoring, logging, and alerting -- Incorporating continuous compliance and auditing into the pipeline -- Managing incidents and responding to security breaches -- The benefits of the program -- Summary -- Part 5: Governance and an Effective Security Champions Program -- Chapter 13: License Compliance, Code Coverage, and Baseline Policies -- DevSecOps and its relevance to license compliance -- The distinction between traditional licenses and security implications -- Source code access -- Modification and redistribution -- Community oversight -- Vendor dependency -- Cost and resource allocation -- Different types of software licenses -- Permissive licenses (MIT, Apache)…”