CHAPTER 8 Securing Modern Applications and Systems

As developers and operations folks continue to bring new technologies into your IT shop, you will have to modernize your strategies and tactics in order to keep pace. This chapter provides high-level explanations of security tactics for the following:

  • APIs and microservices
  • Online storage
  • Containers and orchestration
  • Cloud workflows
  • Serverless
  • Infrastructure as Code (IaC)
  • Security as Code (SaC)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
  • CI/CD
  • DevSecOps
  • Cloud

This chapter is a look at modern and new application security tools, as well as modern and new tactics for AppSec.

For some reason, whenever a new type of technology comes out, we tend to throw security out the window. We rush to release something new and shiny, and somehow, we forget all of the lessons we already know. It is essential that new and exciting technologies are properly secured before we introduce them into our production environments. In a sandbox (an environment separated from production and the internet), you can be free to run new tools and experiments, without the need to secure anything. However, before technologies are pushed into prod, they must first be evaluated for security weaknesses and properly hardened. Every time.

Get Alice and Bob Learn Application Security now with the O’Reilly learning platform.
