Learning DevSecOps

Book description

How can organizations integrate security while continuously deploying new features? How can some maintain 24-7-365 operations at internet scale? How do they integrate security into their DevOps organization?

This practical guide helps you answer those questions and more. Author Steve Suehring provides unique content to help practitioners and leadership successfully implement DevOps and DevSecOps. Learning DevSecOps places an emphasis on prerequisites for success before looking at best practices, and then takes you through some of the tools and software used by successful DevSecOps-enabled organizations.

You'll learn how DevOps and DevSecOps can eliminate the walls that exist between development, operations, and security so that you can tackle the needs of other teams early in the development lifecycle.

With this book, you will:

  • Learn why DevSecOps is about culture and processes, with tools to support the processes
  • Understand why DevSecOps practices are key elements to deploying software in a 24-7 environment
  • Deploy software using a DevSecOps toolchain and create scripts to assist
  • Integrate processes from other teams earlier in the software development lifecycle
  • Help team members learn the processes important for successful software development

Table of contents

  1. Preface
    1. What is DevSecOps?
    2. Who Is This Book For?
    3. How This Book Is Organized
    4. Conventions Used in This Book
    5. Using Code Examples
    6. O’Reilly Online Learning
    7. How to Contact Us
    8. Acknowledgements
  2. 1. The Need for DevSecOps
    1. Developing Software
      1. Developing Agility
      2. Developing Broken Software
      3. Operating in a Darkroom
      4. Security as an Afterthought
    2. Culture First
    3. Processes over Tools
      1. Promoting the Right Skills
      2. DevSecOps as Process
    4. The DevSecOps SDLC
    5. Summary
  3. 2. Foundational Knowledge in 25 Pages or Less
    1. The Command-Line Interface
      1. Command Line Versus Terminal Versus Shell
      2. Why Do I Need the Command Line?
      3. Getting Started with the Command Line
    2. Protocols: A High-Level Overview
      1. Protocol Layers
      2. Two Protocols Plus Another
      3. Basic Internet Protocols
    3. Data Security: Confidentiality, Integrity, and Availability
    4. Development Overview for Scripting
      1. Commands and Built-ins
      2. Basic Programmatic Constructs: Variables, Data, and Data Types
      3. Making Decisions with Conditionals
      4. Looping
      5. Lists and Arrays
    5. Summary
  4. 3. Integrating Security
    1. Integrating Security Practices
      1. Implementing Least Privilege
      2. Maintaining Confidentiality
      3. Data in Flight
      4. Data at Rest
    2. Verifying Integrity
      1. Checksums
      2. Verifying Email
    3. Providing Availability
      1. Service-Level Agreements and Service-Level Objectives
      2. Identifying Stakeholders
      3. Identifying Availability Needs
      4. Defining Availability and Estimating Costs
    4. What About Accountability?
      1. Site Reliability Engineering
      2. Code Traceability and Static Analysis
    5. Becoming Security Aware
      1. Finding Formal Training
      2. Obtaining Free Knowledge
      3. Enlightenment Through Log Analysis
    6. Practical Implementation: OWASP ZAP
      1. Creating a Target
      2. Installing ZAP
      3. Getting Started with ZAP: Manual Scan
    7. Summary
  5. 4. Managing Code and Testing
    1. Examining Development
      1. Be Intentional and Deliberate
      2. Don’t Repeat Yourself
    2. Managing Source Code with Git
      1. A Simple Setup for Git
      2. Using Git (Briefly)
      3. Branching and Merging
      4. Examining the Gitflow Pattern
      5. Examining the Trunk-Based Pattern
    3. Testing Code
      1. Unit Testing
      2. Integration Testing
      3. System Testing
      4. Automating Tests
    4. Summary
  6. 5. Moving Toward Deployment
    1. Managing Configuration as Code and Software Bill of Materials (SBOM)
    2. Using Docker
      1. Container and Image Concepts
      2. Obtaining Images
    3. Deploying Safely with Blue-Green Deployment
    4. Summary
  7. 6. Deploy, Operate, and Monitor
    1. Continuous Integration and Continuous Deployment
      1. Building and Maintaining Environments with Ansible
      2. Using Jenkins for Deployment
      3. Creating a Pipeline
    2. Monitoring
    3. Summary
  8. 7. Plan and Expand
    1. Scaling Up with Kubernetes
      1. Understanding Basic Kubernetes Terms
      2. Installing Kubernetes
    2. Deploying with Kubernetes
      1. Defining a Deployment
      2. Defining a Service
      3. Moving Toward Microservices
      4. Connecting the Resources
    3. Integrating Helm
    4. Summary
  9. 8. Beyond DevSecOps
    1. DevSecOps Patterns
      1. Shift Left and Add CI/CD
      2. Multicloud Integration
      3. Integrated and Automatic Security
      4. Linux Everywhere
      5. Refactor and Redeploy
    2. Summary
  10. A. Ports and Protocols
  11. B. Command Reference
    1. Basic Command-Line Navigation
      1. Directory Listing
      2. Pager
      3. Command Recall and Tab Completion
      4. Creating Directories
      5. Changing Permissions and Ownership
      6. Screen Is Your Friend
      7. Using grep
      8. Using touch
    2. DNS with dig
      1. Determine Address for a Host
      2. Changing the Server to Be Queried
      3. Finding the Authoritative Nameserver
      4. Querying the Authoritative Nameserver
      5. Finding Mail Servers
      6. Finding SPF and TXT Records
      7. Examining the Root
  12. Index
  13. About the Author

Product information

  • Title: Learning DevSecOps
  • Author(s): Steve Suehring
  • Release date: May 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098144869