Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Implementing Azure DevOps Solutions

You're reading from   Implementing Azure DevOps Solutions Learn about Azure DevOps Services to successfully apply DevOps strategies

Arrow left icon
Product type Paperback
Published in Jun 2020
Publisher Packt
ISBN-13 9781789619690
Length 432 pages
Edition 1st Edition
Tools
Concepts
Arrow right icon
Authors (2):
Arrow left icon
Henry Been Henry Been
Author Profile Icon Henry Been
Henry Been
Maik van der Gaag Maik van der Gaag
Author Profile Icon Maik van der Gaag
Maik van der Gaag
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Preface 1. Section 1: Getting to Continuous Delivery
2. Introduction to DevOps FREE CHAPTER 3. Everything Starts with Source Control 4. Moving to Continuous Integration 5. Continuous Deployment 6. Section 2: Expanding your DevOps Pipeline
7. Dependency Management 8. Infrastructure and Configuration as Code 9. Dealing with Databases in DevOps Scenarios 10. Continuous Testing 11. Security and Compliance 12. Section 3: Closing the Loop
13. Application Monitoring 14. Gathering User Feedback 15. Section 4: Advanced Topics
16. Containers 17. Planning Your Azure DevOps Organization 18. AZ-400 Mock Exam 19. Assessments 20. Other Books You May Enjoy

Detecting application code vulnerabilities

The security assessments that are often conducted at regular intervals in the pre-DevOps era cannot be just left out when moving to a DevOps culture. This means that, instead of leaving them out, they must be conducted in some other way. There are two approaches for doing this.

The first approach is to keep doing pen tests, security reviews, and other security inspections at regular intervals just as before. However, instead of waiting for an OK from the tests before moving to production, the code is deployed to production separate from the security assessment(s). This implies that there is an accepted risk that there might be vulnerabilities shipped to production that are found only during the next security scan and will be addressed in the next release. Using this approach, it is possible to achieve speed, but then it also needs to...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image