Julien Vehent wrote:
I think so many places don't think about the "responding to attacks" part of the equation very well.
This is true, and working in a DevOps environment means using very different tools and techniques than one would use in an old-style infrastructure. (Endpoint security on immutable servers? What about serverless forensics? Etc.)
At the same time, a lot of proven techniques can and should be ported to modern environments, so the book goes over the important stuff and explains how to implement it.
There's also a little novel about a security incident in chapter 10. I had fun writing it; I hope it's a good read.
Julien Vehent wrote: Securing DevOps is a technical book, so we talk about tools and techniques a lot! Part 1 is a complete implementation of a CI/CD pipeline and all the security components that we can fit into it. It's 100% hands-on. Part 2 is also very technical but more focused on presenting tools and techniques and less on helping the reader implement them (you'll have to do homework). Part 3 is a little less focused on tools, but we still present half a dozen of them in the chapter on security testing (ZAP, Scout2, bandit, gas, etc.).
So, yeah, we talk about tools a lot.
2. Monitoring and responding to attacks. It is the fate of online services that they will get broken into eventually. When incidents happen, organizations will turn to their security teams for help, and a team must be prepared to react. The second phase of continuous security is to monitor and respond to threats, and to protect the services and data the organization relies on, through techniques like fraud and intrusion detection, digital forensics and incident response, with the goal of increasing the organization's preparedness for an incident.