Get full access to Hands-On Security in DevOps and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Summary

In this chapter, we learned about the security practices that take place during the continuous integration cycle in the coding, building, testing, and production deployment phases. For the development stage, we perform secure code scanning, secure compiling checks, and also vulnerable third-party component review. For the static code analysis, we also introduced some of the open source scanning tools for different programming languages. We have also learned how to enable compile-time defenses against buffer overflows, such as ASLR and NX.

For web security testing, we introduced testing approaches in proactive and proxy modes and discussed web automation testing tips to improve the testing effectiveness in terms of business logic, ...

Get Hands-On Security in DevOps now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now