Security as Code
DevSecOps Patterns with AWS
Compliments of
BK Sarthak Das
& Virginia Chu
Security as Code

DevOps engineers, developers, and security engineers have ever-changing roles to play in today’s cloud native world. In order to build secure and resilient applications, you have to be equipped with security knowledge. Enter security as code.

In this book, authors BK Sarthak Das and Virginia Chu demonstrate how to use this methodology to secure any application and infrastructure you want to deploy. With Security as Code, you’ll learn how to create a secure environment using CI/CD tooling from AWS and open source providers. You’ll also see how a containerized application can be deployed as infrastructure as code (IaC) within AWS.

This practical guide also provides common patterns and methods to develop secure and resilient infrastructure.

• Learn the tools of the trade using Kubernetes and the AWS Code Suite
• Set up IaC and run scans to detect misconfigured resources in your code
• Create secure logging patterns with CloudWatch and other tools
• Restrict system access to authorized users with role-based access control (RBAC)
• Inject faults to test the resiliency of your application with AWS Fault Injection Simulator or open source tooling
• Learn how to pull everything together into one deployment

“An excellent guide. Security as Code takes you from abstract concept to the working technology, people, and processes. If you need to actually do the work of shifting security left, this book is for you.”
—Fritz Kunstler
Principal, AWS Global Services Security

“The ultimate hands-on security guide for DevOps roles, covering tooling and processes.”
—Michael Hausenblas
Solution Engineering Lead, AWS

BK Sarthak Das works at Google as a security engineer and was previously at AWS as a senior security architect.

Virginia Chu is a principal DevSecOps engineer at AWS who began her career as a Linux system administrator and developer.
SECURITY
US $55.99 CAN $69.99
ISBN: 978-1-098-14277-3
978-1-098-12746-6
Automate Modern App and API Security with Ease — Shift Left with F5 NGINX App Protect
Move Fast, Secure Fast, Stay Agile
In today’s competitive landscape, being agile is more essential than ever before:
it helps you adapt quickly to the latest trends, stay ahead of competitors, and
better serve your customers. You no longer need to sacrifice security for agility.
DevOps can integrate security controls authorized by SecOps across distributed
environments without slowing app performance or release velocity.
Shifting security left is a key strategy for app development and deployment.
By automating application and API security in the early stages of your CI/CD pipeline,
you can build more reliable apps, reduce the cost of a breach by up to 80%, and
accelerate your time to market, keeping you one step ahead of the competition.
NGINX App Protect is a lightweight, high-performance, modern application security
solution that integrates seamlessly into DevOps environments as a WAF or app-level
DoS defense, helping your enterprise shift security left and deliver secure apps
for easy DevSecOps.
• Delivers advanced WAF security beyond basic OWASP Top 10 protection
• Integrates easily into the CI/CD tool chain; infrastructure agnostic
• Facilitates declarative policies for “security as code” enabling enterprises to shift security left
• Protects against DoS attacks at both Layers 4 and 7
Download a 30-day free trial today at:
nginx.com/free-trial-request/
©2022 F5, Inc. All rights reserved. F5, the F5 logo, F5 NGINX, the NGINX logo, and F5 NGINX App Protect are trademarks of F5, Inc. in the U.S. and in certain other countries. Other F5
trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation,
expressed or implied, claimed by F5, Inc.
Security as Code
DevSecOps Patterns with AWS
BK Sarthak Das and Virginia Chu
Beijing Boston Farnham Sebastopol Tokyo