Serverless Security

Understand, Assess, and Implement Secure and Reliable Applications in AWS, Microsoft Azure, and Google Cloud
 
 
Apress
  • erschienen am 5. Oktober 2020
  • |
  • XVII, 347 Seiten
 
E-Book | PDF mit Adobe-DRM | Systemvoraussetzungen
978-1-4842-6100-2 (ISBN)
 
Apply the basics of security in serverless computing to new or existing projects. This hands-on guide provides practical examples and fundamentals. You will apply these fundamentals in all aspects of serverless computing: improving the code, securing the application, and protecting the infrastructure. You will come away having security knowledge that enables you to secure a project you are supporting and have technical conversations with cybersecurity personnel.

At a time when there are many news stories on cybersecurity breaches, it is crucial to think about security in your applications. It is tempting to believe that having a third-party host the entire computing platform will increase security. This book shows you why cybersecurity is the responsibility of everyone working on the project.


What You Will Learn

  • Gain a deeper understanding of cybersecurity in serverless computing
  • Know how to use free and open source tools (such as the Node Package Manager, ESLint, and VSCode) to reduce vulnerabilities in your application code
  • Assess potential threats from event triggers in your serverless functions
  • Understand security best practices in serverless computing
  • Develop an agnostic security architecture while reducing risk from vendor-specific infrastructure


Who This Book Is For

Developers or security engineers looking to expand their current knowledge of traditional cybersecurity into serverless computing projects. Individuals just beginning in serverless computing and cybersecurity can apply the concepts in this book in their projects.

1st ed.
  • Englisch
  • CA
  • |
  • USA
APRESS
79 s/w Abbildungen
  • 8,19 MB
978-1-4842-6100-2 (9781484261002)
10.1007/978-1-4842-6100-2
weitere Ausgaben werden ermittelt
Miguel Calles is a freelance cybersecurity content writer. He has an information assurance certification, and works as an engineer on a serverless project. He started in cybersecurity in 2016 for a US government contract, and has been doing technical writing since 2007, and has worked in various engineering roles since 2004. Miguel started his interest in cybersecurity when he was in middle school and was trying to backward engineer websites.

Introduction

Part I: The Need for Security

Chapter 1: Determining Scope

Understanding the Application

Scoping

Chapter 2: Performing a Risk Assessment

Understanding the Threat Landscape

Threat Modeling

Preparing the Risk Assessment

Part II: Securing the Application

Chapter 3: Securing the Code

Assessing Dependencies

Using Static Code Analysis Tools

Writing Unit Tests

Chapter 4: Securing the Interfaces

Identifying the Interfaces

Determining the Interface Inputs

Reducing the Attack Surface

Chapter 5: Securing the Code Repository

Using a Code Repository

Limiting Saved Content

Part III: Securing the Infrastructure

Chapter 5: Restricting Permissions

Understanding Permissions

Identifying the Services

Updating the Permissions

Chapter 6: Account Management

Understanding Account Access

Restricting Account Access

Implementing Multi-Factor Authentication

Using Secrets

Part IV: Monitoring and Alerting

Chapter 7: Monitoring Logs

Understanding Logging Methods

Reviewing Logs

Chapter 8: Monitoring Metrics

Understanding Metrics

Reviewing Metrics

Chapter 9: Monitoring Billing

Understanding Billing

Reviewing Billing

Chapter 10: Monitoring Security Events

Understanding Security Events

Reviewing Security Event

Chapter 10: Alerting

Understanding Alerting

Implementing Alerting

Chapter 11: Auditing

Understanding Auditing

Implementing Auditing

Part V: Security Assessment and Report

Chapter 12: Finalizing the Risk Assessment

Scoring the Identified Risks

Defining the Mitigation Steps

Assessing the Business Impact

Determining the Overall Security Risk Level

Dateiformat: PDF
Kopierschutz: Adobe-DRM (Digital Rights Management)

Systemvoraussetzungen:

Computer (Windows; MacOS X; Linux): Installieren Sie bereits vor dem Download die kostenlose Software Adobe Digital Editions (siehe E-Book Hilfe).

Tablet/Smartphone (Android; iOS): Installieren Sie bereits vor dem Download die kostenlose App Adobe Digital Editions (siehe E-Book Hilfe).

E-Book-Reader: Bookeen, Kobo, Pocketbook, Sony, Tolino u.v.a.m. (nicht Kindle)

Das Dateiformat PDF zeigt auf jeder Hardware eine Buchseite stets identisch an. Daher ist eine PDF auch für ein komplexes Layout geeignet, wie es bei Lehr- und Fachbüchern verwendet wird (Bilder, Tabellen, Spalten, Fußnoten). Bei kleinen Displays von E-Readern oder Smartphones sind PDF leider eher nervig, weil zu viel Scrollen notwendig ist. Mit Adobe-DRM wird hier ein "harter" Kopierschutz verwendet. Wenn die notwendigen Voraussetzungen nicht vorliegen, können Sie das E-Book leider nicht öffnen. Daher müssen Sie bereits vor dem Download Ihre Lese-Hardware vorbereiten.

Bitte beachten Sie bei der Verwendung der Lese-Software Adobe Digital Editions: wir empfehlen Ihnen unbedingt nach Installation der Lese-Software diese mit Ihrer persönlichen Adobe-ID zu autorisieren!

Weitere Informationen finden Sie in unserer E-Book Hilfe.


Download (sofort verfügbar)

36,99 €
inkl. 7% MwSt.
Download / Einzel-Lizenz
PDF mit Adobe-DRM
siehe Systemvoraussetzungen
E-Book bestellen