Serverless Security, 1st ed. Understand, Assess, and Implement Secure and Reliable Applications in AWS, Microsoft Azure, and Google Cloud
Author: Calles Miguel A.
At a time when there are many news stories on cybersecurity breaches, it is crucial to think about security in your applications. It is tempting to believe that having a third-party host the entire computing platform will increase security. This book shows you why cybersecurity is the responsibility of everyone working on the project.
What You Will Learn
- Gain a deeper understanding of cybersecurity in serverless computing
- Know how to use free and open source tools (such as the Node Package Manager, ESLint, and VSCode) to reduce vulnerabilities in your application code
- Assess potential threats from event triggers in your serverless functions
- Understand security best practices in serverless computing
- Develop an agnostic security architecture while reducing risk from vendor-specific infrastructure
Who This Book Is For
Developers or security engineers looking to expand their current knowledge of traditional cybersecurity into serverless computing projects. Individuals just beginning in serverless computing and cybersecurity can apply the concepts in this book in their projects.
Part I: The Need for Security
Chapter 1: Determining Scope
Understanding the Application
Scoping
Chapter 2: Performing a Risk Assessment
Understanding the Threat Landscape
Threat Modeling
Preparing the Risk Assessment
Part II: Securing the Application
Chapter 3: Securing the Code
Assessing Dependencies
Using Static Code Analysis Tools
Writing Unit Tests
Chapter 4: Securing the Interfaces
Identifying the Interfaces
Determining the Interface Inputs
Reducing the Attack Surface
Chapter 5: Securing the Code Repository
Using a Code Repository
Limiting Saved Content
Part III: Securing the Infrastructure
Chapter 5: Restricting Permissions
Understanding Permissions
Identifying the Services
Updating the Permissions
Chapter 6: Account Management
Understanding Account Access
Restricting Account Access
Implementing Multi-Factor Authentication
Using Secrets
Part IV: Monitoring and Alerting
Chapter 7: Monitoring Logs
Understanding Logging Methods
Reviewing Logs
Chapter 8: Monitoring Metrics
Understanding Metrics
Reviewing Metrics
Chapter 9: Monitoring Billing
Understanding Billing
Reviewing Billing
Chapter 10: Monitoring Security Events
Understanding Security Events
Reviewing Security Event
Chapter 10: Alerting
Understanding Alerting
Implementing Alerting
Chapter 11: Auditing
Understanding Auditing
Implementing Auditing
Part V: Security Assessment and Report
Chapter 12: Finalizing the Risk Assessment
Scoring the Identified Risks
Defining the Mitigation Steps
Assessing the Business Impact
Determining the Overall Security Risk Level
Reviews traditional cybersecurity principles in the context of serverless computing
Shows you how to integrate tools to improve the cybersecurity posture of your serverless project
Examines security features provided by Amazon Web Services, Azure, and Google Cloud
Provides you with practical hands-on examples for securing a serverless application
Publication date: 10-2020
347 pages
17.8x25.4 cm