Learning DevSecOps

Learn how to implement continuous security throughout your entire software development and delivery pipeline. With this hands-on book, developers, SREs, tech leads, and security engineers will learn how to combine their security process with their DevOps culture. You'll gain a thorough understanding of the best DevSecOps practices, from the construction of safer container images to the hardening of orchestrators to the methods for securing your cloud environment.

Michelle Ribeiro, CEO of SPIRITSEC, shows you how to introduce security into DevOps culture, methodologies, and tools. You'll learn how to take advantage of contrasting security and DevOps cultures to build an effective DevSecOps program. You'll also explore the four Cs of the cloud native security model--code, container, cloud, and cluster security--by following coded examples.

• Get a review of the current threat environment to learn why security is becoming part of the DevOps movement
• Build an effective DevSecOps program by bridging the gap between the InfoSec and DevOps cultures
• Integrate security into the rapid-release cycles typical of modern software application development and delivery
• Secure your code, containers, clusters, and the cloud
• Avoid common DevSecOps mistakes by looking at case studies from Netflix, Facebook, and HSBC