東華大學圖書館 |

Language: English

Help

回圖書館首頁

手機版館藏查詢

Back

Switch To: Labeled | MARC Mode | ISBD

Linked to FindBook

Google Book

Amazon

博客來

Cybersecurity in a devops environment = from requirements to monitoring /

Record Type:	Electronic resources : Monograph/item
Title/Author:	Cybersecurity in a devops environment/ edited by Andrey Sadovykh ... [et al.].
Reminder of title:	from requirements to monitoring /
other author:	Sadovykh, Andrey.
Published:	Cham :Springer Nature Switzerland : : 2024.,
Description:	xvi, 324 p. :ill., digital ;24 cm.
[NT 15003449]:	Part I: Security Requirements Engineering -- 1. A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs -- 2. Natural Language Processing with Machine Learning for Security Requirements Analysis - Practical Approaches -- 3. Security Requirements Formalisation with RQCODE -- Part II: Prevention at Development Time -- 4. Vulnerability Detection and Response: Current Status and New Approaches -- 5. Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems -- 6. Interactive Application Security Testing with Hybrid Fuzzing and Statistical Estimators -- Part III: Protection at Operations -- 7. CTAM: a tool for Continuous Threat Analysis and Management -- 8. EARLY - a tool for real-time security attack detection -- 9. A Stream-Based Approach to Intrusion Detection -- 10. Towards Anomaly Detection using Explainable AI.
Contained By:	Springer Nature eBook
Subject:	Computer security. -
Online resource:	https://doi.org/10.1007/978-3-031-42212-6
ISBN:	9783031422126

Cybersecurity in a devops environment = from requirements to monitoring /
Cybersecurity in a devops environmentfrom requirements to monitoring /[electronic resource] :edited by Andrey Sadovykh ... [et al.]. - Cham :Springer Nature Switzerland :2024. - xvi, 324 p. :ill., digital ;24 cm.

Part I: Security Requirements Engineering -- 1. A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs -- 2. Natural Language Processing with Machine Learning for Security Requirements Analysis - Practical Approaches -- 3. Security Requirements Formalisation with RQCODE -- Part II: Prevention at Development Time -- 4. Vulnerability Detection and Response: Current Status and New Approaches -- 5. Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems -- 6. Interactive Application Security Testing with Hybrid Fuzzing and Statistical Estimators -- Part III: Protection at Operations -- 7. CTAM: a tool for Continuous Threat Analysis and Management -- 8. EARLY - a tool for real-time security attack detection -- 9. A Stream-Based Approach to Intrusion Detection -- 10. Towards Anomaly Detection using Explainable AI.

This book provides an overview of software security analysis in a DevOps cycle including requirements formalisation, verification and continuous monitoring. It presents an overview of the latest techniques and tools that help engineers and developers verify the security requirements of large-scale industrial systems and explains novel methods that enable a faster feedback loop for verifying security-related activities, which rely on techniques such as automated testing, model checking, static analysis, runtime monitoring, and formal methods. The book consists of three parts, each covering a different aspect of security engineering in the DevOps context. The first part, "Security Requirements", explains how to specify and analyse security issues in a formal way. The second part, "Prevention at Development Time", offers a practical and industrial perspective on how to design, develop and verify secure applications. The third part, "Protection at Operations", eventually introduces tools for continuous monitoring of security events and incidents. Overall, it covers several advanced topics related to security verification, such as optimizing security verification activities, automatically creating verifiable specifications from security requirements and vulnerabilities, and using these security specifications to verify security properties against design specifications and generate artifacts such as tests or monitors that can be used later in the DevOps process. The book aims at computer engineers in general and does not require specific knowledge. In particular, it is intended for software architects, developers, testers, security professionals, and tool providers, who want to define, build, test, and verify secure applications, Web services, and industrial systems.

ISBN: 9783031422126

Standard No.: 10.1007/978-3-031-42212-6doiSubjects--Topical Terms:

540555
Computer security.

LC Class. No.: QA76.9.A25

Dewey Class. No.: 005.8

Cybersecurity in a devops environment = from requirements to monitoring /
LDR:03676nmm a2200325 a 4500 001 2367592
003 DE-He213
005 20231215134611.0
006 m d
007 cr nn 008maaau
008 241127s2024 sz s 0 eng d
020 $a 9783031422126 $q (electronic bk.)
020 $a 9783031422119 $q (paper)
024 7 $a 10.1007/978-3-031-42212-6 $2 doi
035 $a 978-3-031-42212-6
040 $a GP $c GP
041 0 $a eng
050 4 $a QA76.9.A25
072 7 $a UMZ $2 bicssc
072 7 $a COM051230 $2 bisacsh
072 7 $a UMZ $2 thema
082 0 4 $a 005.8 $2 23
090 $a QA76.9.A25 $b C994 2024
245 0 0 $a Cybersecurity in a devops environment $h [electronic resource] : $b from requirements to monitoring / $c edited by Andrey Sadovykh ... [et al.].
260 $a Cham : $b Springer Nature Switzerland : $b Imprint: Springer, $c 2024.
300 $a xvi, 324 p. : $b ill., digital ; $c 24 cm.
505 0 $a Part I: Security Requirements Engineering -- 1. A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs -- 2. Natural Language Processing with Machine Learning for Security Requirements Analysis - Practical Approaches -- 3. Security Requirements Formalisation with RQCODE -- Part II: Prevention at Development Time -- 4. Vulnerability Detection and Response: Current Status and New Approaches -- 5. Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems -- 6. Interactive Application Security Testing with Hybrid Fuzzing and Statistical Estimators -- Part III: Protection at Operations -- 7. CTAM: a tool for Continuous Threat Analysis and Management -- 8. EARLY - a tool for real-time security attack detection -- 9. A Stream-Based Approach to Intrusion Detection -- 10. Towards Anomaly Detection using Explainable AI.
520 $a This book provides an overview of software security analysis in a DevOps cycle including requirements formalisation, verification and continuous monitoring. It presents an overview of the latest techniques and tools that help engineers and developers verify the security requirements of large-scale industrial systems and explains novel methods that enable a faster feedback loop for verifying security-related activities, which rely on techniques such as automated testing, model checking, static analysis, runtime monitoring, and formal methods. The book consists of three parts, each covering a different aspect of security engineering in the DevOps context. The first part, "Security Requirements", explains how to specify and analyse security issues in a formal way. The second part, "Prevention at Development Time", offers a practical and industrial perspective on how to design, develop and verify secure applications. The third part, "Protection at Operations", eventually introduces tools for continuous monitoring of security events and incidents. Overall, it covers several advanced topics related to security verification, such as optimizing security verification activities, automatically creating verifiable specifications from security requirements and vulnerabilities, and using these security specifications to verify security properties against design specifications and generate artifacts such as tests or monitors that can be used later in the DevOps process. The book aims at computer engineers in general and does not require specific knowledge. In particular, it is intended for software architects, developers, testers, security professionals, and tool providers, who want to define, build, test, and verify secure applications, Web services, and industrial systems.
650 0 $a Computer security. $3 540555
650 0 $a Computer software $x Development. $3 542671
650 1 4 $a Software Engineering. $3 890874
650 2 4 $a Data and Information Security. $3 3538510
650 2 4 $a Software Testing. $3 3596835
650 2 4 $a Cyber-Physical Systems. $3 3591993
700 1 $a Sadovykh, Andrey. $3 3710819
710 2 $a SpringerLink (Online service) $3 836513
773 0 $t Springer Nature eBook
856 4 0 $u https://doi.org/10.1007/978-3-031-42212-6
950 $a Computer Science (SpringerNature-11645)