Limited Time Sale| Management number | 233483292 | Release Date | 2026/06/27 | List Price | $90.00 | Model Number | 233483292 | ||
|---|---|---|---|---|---|---|---|---|---|
| Category | |||||||||
Container Security EngineeringRootless Containers, Supply-Chain Integrity, and Runtime Defense for Modern DevSecOpsContainers power the world’s most critical infrastructure—but most container platforms are still deployed with implicit trust, excessive privileges, and fragile supply chains. As attacks shift from applications to build pipelines, registries, and runtimes, traditional “container security basics” are no longer enough.Container Security Engineering is the definitive, modern guide for building hardened, verifiable, and continuously defended container platforms from the kernel up. Written for today’s DevSecOps reality and tomorrow’s threat landscape, this book moves beyond theory to deliver practical, production-ready security engineering for Linux containers.This is a systems-level security playbook for engineers responsible for protecting real workloads in hostile environments.What You’ll LearnThis book walks you through the entire container security lifecycle, combining deep technical foundations with hands-on implementation:✔ Threat modeling containers with MITRE ATT&CK, shared-kernel risks, and real escape vectors ✔ Rootless container architectures using Podman and Docker with secure UID/GID mappings and user namespaces ✔ Host and kernel hardening with seccomp, SELinux, AppArmor, sysctl controls, and No New Privileges ✔ Supply-chain security with reproducible builds, vulnerability scanning, and SBOM generation using Trivy and Syft ✔ Image signing, provenance, and trust enforcement with cosign, registries, and policy gates ✔ CI/CD security automation using GitHub Actions, Open Policy Agent (OPA), and release controls ✔ Runtime defense and isolation across networking, filesystem access, and process boundaries ✔ eBPF-driven detection and observability with Falco and Tetragon for real-time threat visibility ✔ Zero-Trust container platforms, workload identity, micro-segmentation, and continuous validation ✔ A capstone project that builds a fully secured, monitored, and policy-enforced container platform from scratchWho This Book Is ForThis book is designed for professionals who need security guarantees, not assumptions:• DevSecOps engineers securing CI/CD pipelines and production clusters • Platform engineers building rootless, least-privilege container runtimes • SREs and system administrators hardening Linux hosts and container platforms • Security engineers and analysts seeking runtime visibility and detection • Architects designing compliant, auditable, and zero-trust container environmentsA working knowledge of Linux and containers is helpful—but this book teaches the security engineering mindset .Modern, Practical, and Enterprise-ReadyAll configurations, policies, and workflows have been validated on real Linux environments, including Fedora, Ubuntu, RHEL, and Rocky Linux. The book emphasizes open-source, vendor-neutral tooling and aligns with industry standards such as:• CIS Benchmarks • NIST SP 800-190 • MITRE ATT&CK for ContainersAppendices provide ready-to-use reference material, including rootless configuration guides, seccomp and SELinux cheat sheets, CI/CD templates, runtime detection rules, attack simulations, and a detailed glossary of container security terms.Why This Book MattersContainer security has entered a new era—defined by rootless execution, verified supply chains, and continuous runtime defense. Organizations that fail to adapt will continue to ship insecure platforms by default.Container Security Engineering gives you the knowledge, patterns, and confidence to build container platforms that are provably secure, operationally sound, and resilient by design. Read more
| ASIN | B0GBBD9HZ5 |
|---|---|
| XRay | Not Enabled |
| Language | English |
| File size | 1.7 MB |
| Page Flip | Enabled |
| Word Wise | Not Enabled |
| Print length | 344 pages |
| Accessibility | Learn more |
| Screen Reader | Supported |
| Publication date | December 21, 2025 |
| Enhanced typesetting | Enabled |
If you notice any omissions or errors in the product information on this page, please use the correction request form below.
Correction Request Form