book

Cloud Native Software Security Handbook

Name: Cloud Native Software Security Handbook
Author: Mihir Shah
ISBN: 9781837636983

by Mihir Shah

August 2023

Intermediate to advanced

372 pages

10h 12m

English

Packt Publishing

Read now

Unlock full access

Cloud Native Software Security Handbook
ContributorsAbout the authorAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Part 1: Understanding Cloud Native Technology and Security
Chapter 1: Foundations of Cloud Native
Understanding the cloud-native worldWhy consider using cloud-native architecture?Cloud modelsApproach to thinking cloud-nativeComponents of a cloud-native systemOrchestrationMonitoringLogging and tracingContainer registriesService meshesSecuritySummaryQuizFurther readings
Chapter 2: Cloud Native Systems Security Management
Technical requirementsSecure configuration managementUsing OPA for secure configuration managementRequiring encryption for all confidential dataRestricting access to sensitive resourcesEnforcing resource limitsSecure image managementWhy care about image security?Best practices for secure image managementClairHarborCreating an HTTPS connection for the repositoryScanning for vulnerabilities in imagesSummaryQuizFurther readings
Chapter 3: Cloud Native Application Security
Technical requirementsOverview of cloud-native application developmentDifferences between traditional and cloud-native app developmentThe DevOps modelCloud-native architecture and DevOpsIntroduction to application securityOverview of different security threats and attacksIntegrating security into the development processOWASP Top 10 for cloud nativeNot shift-leftSecurity and development trade-offSupplemental security componentsOWASP ASVSSecrets managementHow to create secrets in VaultSummaryQuizFurther reading
Part 2: Implementing Security in Cloud Native Environments
Chapter 4: Building an AppSec Culture
Technical requirementsOverview of building an AppSec programUnderstanding your security needsIdentifying threats and risks in cloud-native environmentsBug bountyEvaluating compliance requirements and regulationsBuilding an effective AppSec program for cloud-nativeSecurity tools for software in developmentThreat modelingProviding security training and awareness to all stakeholdersDeveloping policies and proceduresIncident response and disaster recoveryCloud security policyIdentity and access management policiesContinuous monitoring and improvementSummaryQuizFurther readings
Chapter 5: Threat Modeling for Cloud Native
Technical requirementsDeveloping an approach to threat modelingAn overview of threat modeling for cloud nativeIntegrating threat modeling into Agile and DevOps processesDeveloping a threat matrixCultivating critical thinking and risk assessmentFostering a critical thinking mindsetDeveloping risk assessment skillsThreat modeling frameworksSTRIDEPASTALINDDUNKubernetes threat matrixInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementImpactSummaryQuizFurther readings
Chapter 6: Securing the Infrastructure
Technical requirementsApproach to object access controlKubernetes network policiesCalicoUsing Calico with KubernetesPrinciples for authentication and authorizationAuthenticationAuthorizationImportance of authentication and authorizationKubernetes authentication and authorization mechanismsDefense in depthInfrastructure components in cloud-native environmentsCompute components – virtual machines, containers, and serverless computingNetworking components – VPCs, subnets, load balancers, and ingress controllersStorage services – block storage, object storage, and databasesFalco – real-time monitoring for cloud workloadsSummaryQuizFurther readings

Chapter 7: Cloud Security Operations
Technical requirementsNovel techniques in sourcing data pointsCentralized logging with the EFK stackCreating alerting and webhooks within different platformsCreating alerting rules in PrometheusConfiguring webhook notifications for different platforms (e.g., Slack)Automating incident response with custom scripts and toolsAutomated security lapse findingsSecurity Orchestration, Automation, and Response (SOAR) platformsSOAR platforms on the marketIntegrating security tools and automating workflowsIntegrating security toolsAutomating workflowsBuilding and maintaining a security automation playbookElements of a security automation playbookBuilding a security automation playbookMaintaining a security automation playbookSummaryQuizFurther readings
Chapter 8: DevSecOps Practices for Cloud Native
Technical requirementsInfrastructure as CodeThe importance of DevSecOpsDevSecOps in practiceContinuous integration and continuous deployment (CI/CD) in DevSecOpsInfrastructure as Code (IaC) and Policy as Code in DevSecOpsSecurity tools in DevSecOpsSecurity implications of IaCCheckov – a comprehensive overviewPolicy as CodeWhy Policy as Code?Implementing Policy as Code with OPAPolicy as Code in the broader DevSecOps strategyIntegrating Policy as Code into the CI/CD pipelinePolicy as Code – a pillar of DevSecOpsPolicy as Code and Infrastructure as Code – two sides of the same coinContainer securitySecrets managementNetwork policiesSecurity in serverless architecturesSecurity observabilityCompliance auditingThreat modeling and risk assessmentIncident responseSecurity training and cultureContinuous learning and improvement – the DevSecOps mindsetThe role of automation in DevSecOpsThe importance of collaboration in DevSecOpsThe power of open source in DevSecOpsFuture trends – the evolution of DevSecOpsSummaryQuizFurther readings
Part 3: Legal, Compliance, and Vendor Management
Chapter 9: Legal and Compliance
OverviewComprehending privacy in the cloudThe importance of privacy in the cloud-native landscapeThe CCPA and its implications for cloud-nativeOther significant US privacy laws and their implications for cloud-nativeAudit processes, methodologies, and cloud-native adoptionImportance of audit processes and methodologies in cloud-native adoptionCommon audit processes and methodologiesLaws, regulations, and standardsThe CFAA and its implications for cloud-native software securityThe FTCA and its implications for cloud-native software securityOverview of compliance standards and their implications for cloud-native software securityCase studies – incidents related to standards and their implications for security engineersSummaryQuizFurther readings
Chapter 10: Cloud Native Vendor Management and Security Certifications
Security policy frameworkUnderstanding cloud vendor risksUnderstanding security policy frameworksImplementing security policy frameworks with cloud vendorsEffective security policy framework in a cloud environmentBest practices for implementing a security policy framework with cloud vendorsGovernment cloud standards and vendor certificationsIndustry cloud standardsThe importance of adhering to government and industry cloud standardsVendor certificationsEnterprise risk managementThe significance of ERM in cloud securityIncorporating vendor management into your enterprise risk management programRisk analysisRisk analysis – a key step in vendor evaluationTools and techniques for evaluating vendor riskBest practices for vendor selectionBuilding and managing vendor relationshipsCase studyBackgroundRisk analysis and vendor selectionEstablishing strong vendor relationshipManaging the relationshipSuccessful outcomesSummaryQuizFurther readings
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Overview

The "Cloud Native Software Security Handbook" is your definitive guide to securing cloud-native applications. Throughout the book, you'll learn to implement advanced security measures in modern cloud-native environments using cutting-edge tools and frameworks, all while adhering to best practices and legal standards. With this guide, achieving robust and scalable security is made practical and actionable.

What this Book will help me do

Master cloud-native security concepts and their applications.
Learn to secure configurations, networks, and runtime environments effectively.
Implement robust threat modeling and risk mitigation practices.
Optimize security in CI/CD pipelines with real-world strategies.
Understand and achieve compliance with global cloud-security regulations.

Author(s)

Mihir Shah is a seasoned cloud security expert with years of experience developing and implementing scalable security solutions for enterprise environments. With a passion for educating and empowering developers, Mihir combines technical depth with accessibility in his writings. His insights are shaped by a career dedicated to advancing secure coding and systems operations practices.

Who is it for?

Developers, cloud engineers, and DevSecOps professionals seeking a comprehensive understanding of cloud-native security will greatly benefit from this book. Those familiar with cloud platforms and aspiring to delve deeper into securing infrastructure and runtime environments will find this guide invaluable. Individuals focused on adopting the latest security tools and methodologies for scalable systems should read this. If you aim to integrate security seamlessly into the CI/CD pipeline or ensure compliance with security standards, this resource is perfect for you.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781837636983

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills