This blog talks about DevSecOps and how it's all about introducing security earlier in the application development life cycle, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.
The technologies covered in this blog are part of the Azure DevOps environment. If that interests you or you want to learn more, see our previous blog on the [AZ-400] Microsoft Azure DevOps certification.
In this blog we will be covering:
- Why DevSecOps Is Important?
- DevOps Vs. DevSecOps: The Integration
- How To Integrate The DevSecOps?
- Categories Of DevSecOps
Why DevSecOps Is Important?
DevOps Vs. DevSecOps: The Integration
Integrating security into DevOps to deliver DevSecOps requires new mindsets, processes, and tools. Security and risk management leaders need to adhere to the collaborative, agile nature of DevOps so that security is seamless and transparent in the development process, and as silent as possible. However, this is difficult to achieve across two different disciplines.
How To Integrate The DevSecOps?
- A developer creates code within a version control management system.
- The changes are committed to the version control management system.
- Another developer retrieves the code from the version control management system and carries out static code analysis to identify any security defects or code quality bugs.
- An environment is then created using an infrastructure-as-code tool, such as Chef. The application is deployed and security configurations are applied to the system.
- A test automation suite is then executed against the newly deployed application, including back-end, UI, integration, security, and API tests.
- If the application passes these tests, it is deployed to a production environment.
- This new production environment is monitored continuously to identify any active security threats to the system.
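The gate between the test steps and the production deployment can be written as code. The sketch below is an added example, not part of the original post or of any tool listed here: it assumes the static analysis step emits a SARIF 2.1.0 report and that each test suite records a pass/fail result. The names `blocking_findings`, `deploy_decision` and `REQUIRED_SUITES`, and the sample report, are hypothetical.

```python
import json

# Suites named in the test-automation step; a suite with no recorded result fails closed.
REQUIRED_SUITES = ("back-end", "UI", "integration", "security", "API")

# Constructed SARIF 2.1.0 report (sample data, not real scanner output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "rules": [
            {"id": "SQLI-001", "defaultConfiguration": {"level": "error"}},
            {"id": "STYLE-009", "defaultConfiguration": {"level": "note"}},
        ]}},
        "results": [
            {"ruleId": "SQLI-001", "message": {"text": "query built from request input"}},
            {"ruleId": "STYLE-009", "message": {"text": "line too long"}},
            {"ruleId": "SQLI-001", "level": "error", "message": {"text": "reviewed"},
             "suppressions": [{"kind": "inSource"}]},
        ],
    }],
})

def blocking_findings(sarif_text, blocking=("error",)):
    """Return rule ids of unsuppressed results whose effective level is blocking."""
    hits = []
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
                    for r in rules}
        for res in run.get("results", []):
            # A suppression counts only if accepted (the default status in SARIF).
            if any(s.get("status", "accepted") == "accepted"
                   for s in res.get("suppressions", [])):
                continue
            # A result without "level" inherits the rule default, else "warning".
            level = res.get("level") or defaults.get(res.get("ruleId"), "warning")
            if level in blocking:
                hits.append(res.get("ruleId"))
    return hits

def deploy_decision(sarif_text, suite_results):
    """Return (allowed, reasons); production deploy is allowed only with no reasons."""
    reasons = [f"static analysis: {rid}" for rid in blocking_findings(sarif_text)]
    for suite in REQUIRED_SUITES:
        if suite_results.get(suite) is not True:
            reasons.append(f"test suite not passed: {suite}")
    return (not reasons, reasons)
```

Treating a missing suite result as a failure keeps a skipped or crashed test stage from silently promoting a build to production.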
Categories Of DevSecOps
Code Security Tools
- SonarQube / SonarCloud
- Source Guard
- ShiftLeft Scan
- Checkmarx
- Veracode Greenlight
Build Security Tools
- Burp Suite
- Zed Attack Proxy (ZAP)
- ModSecurity
- WhiteSource Bolt
- Skipfish
- Veracode SourceClear
Code Security Tools
- Yelp
- CredScan
- Changeme
- Secret-code-scanner
- Veracode Greenlight
Artifactory Security Tools
- JFrog Xray
- Kroll Parser
- Archiva
- Aqua
- Anchore
SCA Security Tools
- Qualys
- Snyk
- WhiteSource
- Veracode
- Checkmarx
Container Security Tools
- Aqua Security Tools
- Anchore Container security
- WhiteSource
- Twistlock
- Qualys
- Clair
Penetration Testing Tools
- Qualys
- Snyk
- WhiteSource
- Veracode
Threat Modelling Tools
- OWASP Threat Dragon
- Microsoft Threat Modeling Tool 2016
- Threat Modeler
- Raindance
- Threatspec
- PyTM
Website Vulnerability Tools
- URL Freezer
- SQLi Scanner
- XSS Scanner
- Drupal
- Joomla