Get to grips with application security, secure coding, and DevSecOps practices to implement in your development pipeline.

The purpose and intent of DevSecOps is to build on the mindset that "everyone is responsible for security", with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the required safety. It helps improve the security and overall quality of the software being developed.

This book starts with a brief introduction to DevOps, DevSecOps, and the principles behind them. With those principles in place, we'll dig deeper into different topics in Application Security and Secure Coding. We will look at what a secure development lifecycle is and how to perform Threat Modeling properly. We'll also cover the various tools available for those tasks, as well as the best practices for developing secure code and embedding security and policy into an application. Finally, we'll look at Automation and Infrastructure Security, with our main focus on continuous security testing, Infrastructure as Code, protecting the DevOps tools, and learning about the software supply chain.

By the end of this book, you will know how to apply application security, secure coding, and DevSecOps practices in your development pipeline.

This book is targeted at DevSecOps Engineers and Application Security Engineers. Developers, Pentesters, and Information Security Analysts will also benefit from this book. Prior knowledge of the software development process and programming logic is desired, but not required.