DevSecOps for .NET Core

​Chapter 1:  Modern Software Engineering

Chapter Goal: This chapter will outline the modern software engineering principles and introduce DevOps as well as requirements and responsibilities of a software engineering team to publish quality software.

No of pages    20

Sub -Topics

1.      Software Design

2.      Solutions on the Internet

3.      Multicultural Customers

4.      Changing Market

5.      Security and Compliance Requirements

Chapter 2:  DevOps with Security

Chapter Goal: This is a practical topic and discusses DevOps pipelines as a mode of automation for software production and outlines important tasks in DevOps where automation can inject security principles to improve product quality.

No of pages: 20-25

Sub - Topics  

1.      DevOps in a Nutshell

2.      Securing Software

3.      Quality Assurance

4.      Pre-commit testing

5.      HTTP vs SSH

Chapter 3: Writing Secure Code

Chapter Goal: This chapter discusses the development phase of DevOps pipeline and outlines how to improve software quality and decrease friction in later stages by preventing known vulnerabilities and code flaws before hand. During this chapter we will explore code issues such as SQL Injection prevention, Cross-site scripting, and other similar issues.

No of pages : 45

Sub - Topics: 

1.      Write Less, Write Secure

2.      Developer Training

3.   Runtime Selection and Configuration

4.   Microservices: Separation of Concerns

5.   Authentication in Services

 

Chapter 4: Automating Everything as Code

Chapter Goal: We discuss the steps necessary to make security, compliance, audit, and UX automated to decrease decoupling and friction in the departments, and introduce key factors that help improve build and hosting environments, which will be discussed in detail in later chapter.

No of pages:40-45

Sub - Topics:

1.  Version Control and Audit

2.  Hosted Code Storage

3.  Infrastructure as Code

4.  Automating Security

5.  Compliance and Policies

6.  Risk and Bugs Analysis

 

Chapter 5: Securing Build Systems for DevOps

Chapter Goal: In this chapter we demonstrate the CI phase of DevOps and utilize our build systems; hosted and on-premises, to apply security and compliance checks throughout the task, we apply code analysis methods to verify quality of product and discusses different approaches to host package archives for deployment.

No of pages: 45

1.      On-Premises vs Hosted CI/CD

2.      Code Analysis Methods

3.      Archive Caching and Hashing

4.      Automated Deployments

 

Chapter 6: Automating Production Environments for Quality

Chapter Goal: This chapter focuses on production hosting environments and their security, such as container and host platform security, network ports scanning, firewall and application gateways to prevent unauthorized access. We also explore how to extract sensitive information out of source code and configuration files using external services to improve privacy.

No of pages: 40

1.  Host Platforms