
DevSecOps for Azure
Description

Persons
Okeyode David:
David Okeyode is the EMEA chief technology officer for Azure at Palo Alto Networks. Before that, he was an independent consultant helping companies secure their Azure environments through private expert-level training and assessments. He has authored three books on Azure security - Penetration Testing Azure for Ethical Hackers, Microsoft Azure Security Technologies Certification and Beyond, and Designing and Implementing Microsoft Azure Networking Solutions. He has also authored multiple cloud computing courses for the popular training platform LinkedIn Learning. He holds over 15 cloud certifications across Azure and AWS platforms, including the Azure Security Engineer, Azure DevOps, and AWS Security Specialist certifications. David is married to a lovely girl who makes the best banana cake in the world. They love traveling the world together!
Kirui Joylynn:
Joylynn Kirui is a senior cloud security advocate at Microsoft. She focuses on DevSecOps on GitHub and Azure, which includes application security. She is an infosec evangelist who believes in empowering developers and users in general on security best practices. She has vast experience in web and mobile app security testing, DevSecOps, and GSM security, having previously worked in the telco industry. She has a passion for mentorship and training students and empowering them. She has spoken at several conferences, where she shares her knowledge in cybersecurity and software development. She was among the Top 50 Women in Cyber Security Africa 2020 finalists, Woman Hacker of the Year Africa 2020 finalists, and Young CISO Vanguard 2022, among others. When not hacking, she enjoys farming, traveling, and adrenaline-filled activities.
Content
- Cover
- Title Page
- Copyright and Credits
- Foreword
- Contributors
- Table of Contents
- Preface
- Part 1: Understanding DevOps and DevSecOps
- Chapter 1: Agile, DevOps, and Azure Overview
- Technical requirements
- Defining DevOps - Understanding its concepts and practices
- The why of DevOps - Innovation, velocity, and speed
- Understanding the process aspect of DevOps
- Understanding the five core practices of DevOps
- Understanding the stages in a DevOps workflow
- Understanding the people aspect of DevOps
- The importance of a collaborative culture
- Staying clear of DevOps anti-types
- Understanding the product aspect of DevOps - The toolchain
- The platform approach to DevOps tooling
- An overview of the Azure DevOps platform
- An overview of the GitHub platform
- An overview of the GitLab platform
- Azure services for the DevOps workflow
- Agile, DevOps, and the Cloud - A perfect trio
- Hands-on Exercise 1 - Creating an Azure subscription
- Hands-On Exercise 2 - Creating an Azure DevOps organization (linked to your Azure AD tenant)
- Hands-On Exercise 3 - Creating a GitHub Enterprise Cloud trial account
- Summary
- Further reading
- Chapter 2: Security Challenges of the DevOps Workflow
- Technical requirements
- Security challenges of DevOps
- Understanding the limitations of traditional security in a fast-paced DevOps world
- Understanding how DevOps increases the attack surface
- The case for DevSecOps
- Understanding the cultural aspect of DevSecOps
- Understanding the process aspect of DevSecOps
- Considerations for selecting your DevSecOps toolchain
- DevSecOps and supply chain security
- Summary
- Further reading
- Part 2: Securing the Plan and Code Phases of DevOps
- Chapter 3: Implementing Security in the Plan Phase of DevOps
- Technical requirements
- Understanding DevSecOps in the planning phase
- Understanding threat modeling and its benefits
- Traditional threat modeling frameworks
- Threat modeling in DevSecOps
- Understanding the Mozilla RRA process
- Hands-on exercise 1 - Provisioning the lab VM
- Task 1 - Initializing the template deployment to Azure
- Task 2 - Connecting to the lab VM using Azure Bastion
- Hands-on exercise 2 - Performing threat modeling of an e-commerce application
- Task 1 - Downloading and installing the Microsoft Threat Modeling Tool
- Task 2 - Creating a threat model diagram for the eShop application
- Task 3 - Running a threat analysis on the model
- Implementing continuous code-to-cloud security training
- Summary
- Further reading
- Chapter 4: Implementing Pre-Commit Security Controls
- Technical requirements
- Overview of the pre-commit coding phase of DevOps
- Understanding the developer environment options
- Understanding the security categories in the pre-commit phase
- Securing the development environment
- Risk 1 - IDE vulnerability risks
- Risk 2 - Malicious and vulnerable IDE extensions
- Risk 3 - Working with untrusted code
- Risk 4 - Compromised IDE source code
- Additional thoughts on hardening of the development environment
- Addressing common development security mistakes
- Risk 1 - Addressing in-house code vulnerability risk
- Risk 2 - Open source component risk
- Risk 3 - Exposed secret risk
- Choosing the right developer-first security tooling
- Hands-on exercise 1 - Performing code review, dependency checks, and secret scanning on the IDE
- Task 1 - Connecting to the lab VM using Azure Bastion
- Task 2 - Configuring Snyk on Visual Studio Code
- Task 3 - Importing eShopOnWeb to your Visual Studio Code workspace
- Hands-on exercise 2 - Installing and configuring Git pre-commit hooks on the IDE
- Task 1 - Installing pre-commit framework on Visual Studio Code
- Task 2 - Configuring detect-private key and detect-secrets pre-commit hooks on Visual Studio Code
- Summary
- Chapter 5: Implementing Source Control Security
- Technical requirements
- Understanding the post-commit phase of DevOps
- Understanding the security measures in the source control management phase
- Securing the source code management environment
- Managing code repositories securely
- Recommendation 1 - Ensuring repository creation is limited to specific members
- Recommendation 2 - Ensuring sensitive repository operations are limited to specific members
- Recommendation 3 - Ensuring inactive repositories are reviewed and archived periodically
- Recommendation 4 - Repositories should be created with auditing enabled
- Addressing common coding security issues in source control
- Understanding GitHub code security
- Recommendation 1 - Implementing dependency tracking in source control
- Recommendation 2 - Implementing dependency vulnerability assessment and management in source control
- Recommendation 3 - Implementing an open source license compliance scan
- Recommendation 4 - Implementing secret protection in source control
- Hands-on exercise - Performing pre-receive checks and dependency reviews
- Task 1 - Enabling push protection on Azure DevOps
- Task 2 - Enabling push protection on GitHub
- Task 3 - Reviewing dependencies on GitHub
- Summary
- Part 3: Securing the Build, Test, Release, and Operate Phases of DevOps
- Chapter 6: Implementing Security in the Build Phase of DevOps
- Technical requirements
- Understanding the continuous build and test phases of DevOps
- Understanding build system options
- Understanding the security measures in the build phase
- Securing CI environments and processes
- Securing the build services and workers
- Securing the build workers
- Implementing secure access to build environments and workers
- Protecting the build environment from malicious code executions
- Addressing common coding security issues
- Implementing the Microsoft Security DevOps extension
- Integrating GitHub Advanced Security code-scanning capabilities into pipelines
- Integrating GHAS dependency-scanning capabilities into pipelines
- Hands-on exercises - Integrating security within the build phase
- Prerequisites
- Exercise 1 - Integrating SAST, SCA, and secret scanning into the build process
- Exercise 2 - Onboarding your DevOps platforms to DevOps Security in Microsoft Defender for Cloud
- Summary
- Chapter 7: Implementing Security in the Test and Release Phases of DevOps
- Technical requirements
- Understanding the continuous deployment phase of DevOps
- Protecting release artifacts in the release phase
- Ensuring that release artifacts are built from protected branches
- Implementing a code review process
- Selecting secure artifact sources
- Implementing artifact signing for integrity checks
- Managing secrets securely in the release phase
- Implementing auditing for the CI/CD environment
- Implementing security gates in release pipelines
- Implementing DAST as security gates
- Challenges of implementing DAST in a DevOps process
- Implementing security gates in Azure Pipelines and GitHub Actions
- Hands-on exercise - Integrating security within the build and test phases
- Prerequisites
- Task 1 - Implementing artifact signing for integrity checks
- Task 2 - Integrating DAST tools to find and fix security vulnerabilities in the TEST phase
- Summary
- Chapter 8: Continuous Security Monitoring on Azure
- Technical requirements
- Understanding continuous monitoring in DevOps
- Understanding the interconnected risks of Azure and cloud-native applications
- Securing an application runtime environment
- Implementing runtime security gates to stop critical risks
- Implementing runtime security gates using Azure Policy
- Implementing runtime security gates using the Kubernetes admission controller
- Implementing continuous security monitoring for runtime environments
- Protecting applications at runtime in Azure
- The challenges of runtime protection in modern cloud environments
- Protecting applications running in Azure App Service
- Protecting serverless workloads at runtime in Azure
- Protecting container workloads in Azure
- Hands-on exercise - Continuous security monitoring on Azure
- Task 1 - Implementing and operationalizing CSPM
- Task 2 - Implementing and operationalizing continuous container workload protection
- Summary
- Further reading
- Index
- Other Books You May Enjoy
System requirements
File format: ePUB
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePUB works well for novels and non-fiction books, i.e., "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our ebook Help page.
File format: ePUB
Copy protection: without DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use a reader that can handle the file format ePUB, such as Adobe Digital Editions or FBReader – both free (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePUB works well for novels and non-fiction books, i.e., "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook does not use copy protection or Digital Rights Management.
For more information, see our eBook Help page.