Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps 1st Edition, Kindle Edition

The book gives a broad coverage for all security aspects of DevOps, ,from infrastructure to communication to application layer. It is helpful for security planning and review of new and established environments.

I Enjoyed the book and its no nonsense concept of getting to the information a practitioner need. Many of the examples, tables and links will assist any security professional in developing a framework or way forward to implement DEVSECOPS. I was pleasantly surprised I would have said 5 stars but the tables seems awkward in the kindle app for PC or IPAD. Really…..4.9 stars to be honest.

Reading the book I got in the background the same question - where is the DevOps here? It is a review of the security aspects in the development process using the DevOps words and that it is all about DevOps. Even the security part is more likely to be an aggregation of information from different public available source. The value of this book? Could be for someone who just get in contact with security in software development process and want to see where could find useful information. The author contribution? Pure theoretical aggregating the info....If you are looking to understand where security in devops is it is not the source you have to look for...start with DevOps handbook which is far more adequate an give more insides into DevOps and security in DevOps.” Hand-on Security in DevOps” is for marketing only...just to make us to pay the price the price that does not deserve it..

This is the largest book of summaries of the topics, no depth. The summary is misleading, has no detail or discussion around how to best implement changes to embrace devsecops in a DevOps environment. Do not waste your money, spend a night searching OWASP and you'll learn more on these topics and how to implement them.

Overall, it's a great overview of the activities, regulations, standards and best practices that a developer would want to look at. If you are a practitioner of cybersecurity it is a nice place to look for all the stuff you need to talk to your developers about.

It's clear to me now why Packt, the publisher, openly has a page in the book basically begging anyone who can even remotely call themselves a "professor" to come write for them. Their threshold for content is extraordinarily low.This book is just a series of summaries with links - which are now dead - to the source material where you might actually learn a thing or two about them. As other reviewers have noted, there is really no DevOps about this - it's just a high-level description of various compliance concepts you should be aware of when developing a cloud application, and even then, it doesn't do a good job describing those concepts. It tees up an intro, and then shoves you off onto the source material for more information.Worse yet, the editing is somewhere between awful and non-existent. Typos and grammatical errors on almost every page. This book looks like it was slapped together in a day in Microsoft Word and sent to a self-publisher.Do not buy.

It's a good book if you are an exec member to get a general understanding of DevSecOps but it's missing a great detail of a LOT OF technologies. The author of the book is quite knowledgable and I recommend following him on LinkedIn to stay up to date but this book in particular is quite bare bones.

As a security engineer, I was glad to see a hands-on book about security in DevOps, but very disappointed because it is not technically hands-on at all. If you are learning security management in a DevOps environment, this book provides you a good framework.

Honestamente no me gusto, el contenido parece un checklist de lo que se podría esperar tener en un modelo DevSecOps; yo esperaba leer algunos métodos de implementación.

Original MRP is 1099 rs. Price is inflated.

Provides a really good overview about security relevant steps during software development lifecycle, combined with practical tipps where to get started and what to consider. I liked especially the well structured lists of assets/standards/tools per topic.

A very good collection and discussion of DevSecOps related topics. Improve/complete this and rhat a little bit and you will get five.