11 DevSecOps: Microsoft Defender for DevOps

 

This chapter covers

  • Shifting security left
  • Infrastructure as code
  • Microsoft Defender for DevOps
  • Cybersecurity as an infinite game

You could argue that a big part of cybersecurity is dealing with bugs found in code—both bugs known and unknown at a given point in time. These bugs could present vulnerabilities and eventually increase the risk of bad actors (like the fictional bad actor Eve) exploiting the vulnerabilities in code to compromise applications running in your environment. What we’re also seeing is that it’s taking less and less time for bad actors to weaponize vulnerabilities in code, which is an alarming trend.

If you need a prime example of why this topic matters, you need look no further than the SolarWinds attack. SolarWinds was breached, and software used by their customers was compromised by a nation-state bad actor. This kind of attack is commonly referred to as a supply chain attack. In a supply chain attack, bad actors look to compromise an environment through less-secure elements in the supply chain (for example, a software vendor whose software is used).

Note

To learn more about the SolarWinds attack, you can start at http://mng.bz/zXPa.

11.1 Developing code more securely

 

11.2 What is shifting security left?

 
 
 

11.3 Infrastructure as code

 
 
 

11.3.1 Infrastructure as code in action

 
 
 

11.3.2 Who is responsible for fixing vulnerabilities in code?

 

11.4 Microsoft Defender for DevOps

 
 

11.4.1 Unified DevOps posture visibility

 
 
 

11.4.2 Microsoft Security DevOps application

 
 

11.4.3 GitHub Advanced Security

 

11.4.4 Microsoft Security DevOps for GitHub in action

 
 
 
 

11.4.5 IaC scanning in GitHub

 
 

11.4.6 Microsoft Security DevOps for Azure DevOps in action

 

11.4.7 IaC scanning in ADO

 
sitemap

Unable to load book!

The book could not be loaded.

(try again in a couple of minutes)

manning.com homepage
test yourself with a liveTest