July 2019
Intermediate to advanced
480 pages
9h 35m
Chinese
Content preview from 持續交付|使用Java
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
系統品質屬性測試:驗證非功能需求 |
345
安全防護、漏洞與威脅
現在犯罪的人已經越來越精通技術了,再加上越來越多人在連接公共網路的電腦上管理
寶貴(且私人)的資料,各類的因素構成了潛在的安全挑戰。因此,在軟體交付團隊
中,從專案一開始就考慮安全性是每個人的職責。當你試著實作持續交付時,必須了解
並規劃安全防護的許多層面。CD 組建管道通常是很適合編寫與執行安全需求的地方。
這一節將介紹程式碼與依賴項目漏洞檢查、平台特有的安全問題,以及威脅模型建立。
敏捷應用程式安全防護
有些組織認為敏捷方法與安全防護方法是不相容的,個議題眾說紛紜。如果你
正在努力解決這個問題,或發現應用程式有許多需要管理層的支持才可以修復
的安全問題,我們建議你閱讀 Laura Bell、Michael Brunton-Spall 等人合著的
Agile Application Security
(O
’
Reilly)。
程式碼層級的安全驗證
供 FindBugs 靜態分析工具(之前提過了)使用的 Find Security Bugs(
http://find-sec-
bugs.github.io/
)外掛是檢查 Java 程式中已知的安全問題的首選工具,它可以偵測 125 種
漏洞類型,與超過 787 種獨特的 API 簽章。這種工具可以和 Maven 及 Gradle 等組建工
具良好地搭配,根據找到的東西產生 XML 與 HTML 報告。
商用程式碼掃描工具的價值
根據你的安全需求,或許你可以研究商用程式碼安全掃描工具,例如 Black ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.