July 2019
Intermediate to advanced
480 pages
9h 35m
Chinese
Content preview from 持續交付|使用Java
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
系統品質屬性測試:驗證非功能需求 |
359
FaaS / 無伺服器的安全防護
FaaS 和無伺服器平台的安全問題在很大程度上與雲端安全的問題一致,因為 FaaS 平
台通常是大型雲端基礎設施產品的子集合。Synk 安全公司的首席執行官 Guy Podjarny
寫了一篇很棒的 InfoQ 文章,強調了無伺服器技術的關鍵安全問題,文章題目是
“Serverless Security: What
’
s Left to Protect”(
https://www.infoq.com/articles/serverless-
security
),它討論的主題主要是程式碼與依賴項目漏洞掃描以及功能來源(追蹤所有的
功能)的重要性。
下一步:建立威脅模型
建立威脅模型是一種結構化的方法,可以讓你辦識、量化和處理與 app 有關的安全風
險。在設計和開發過程中建立威脅模型可以幫助你確保在開發 app 時,從一開始就內建
了安全性。這一點很重要,因為即使你使用靈活的現代基礎架構(如微服務),你也很
難(或極其昂貴)在新系統即將完成的時候才加入安全防護。從一開始就考量安全,並
且在建立威脅模型的過程中製作文件,可以讓審查人員更深入地了解系統,並且讓他們
更容易辨識 app 的入口,以及與每個入口有關的威脅。OWAS app 威脅建模網站指出,
威脅建模不是新的概念,但近年來,眾人的思維有明顯的改變:現代的威脅建模是從潛
在攻擊者的角度來看待系統,而不是從防禦者的角度。
想要進一步了解威脅建模嗎?
OWASP Application ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.