dc.contributor.author |
Hsu Tony Hsiang-Chih. |
|
dc.date.accessioned |
2024-01-26T21:38:05Z |
|
dc.date.available |
2024-01-26T21:38:05Z |
|
dc.date.issued |
2019 |
|
dc.identifier.citation |
Hsu. Practical Security Automation and Testing: Tools and Techniques for Automated Security Scanning and Testing in DevSecOps. - Birmingham: Packt Publishing Ltd, 2019 - 1 online resource (245 p.) - URL: https://libweb.kpfu.ru/ebsco/pdf/2022989.pdf |
|
dc.identifier.isbn |
1789611695 |
|
dc.identifier.isbn |
9781789611694 |
|
dc.identifier.uri |
https://dspace.kpfu.ru/xmlui/handle/net/178517 |
|
dc.description |
Description based upon print version of record. |
|
dc.description |
Includes bibliographical references. |
|
dc.description.abstract |
Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention. |
|
dc.description.tableofcontents |
Cover; Title Page; Copyright and Credits; About Packt; Contributors; Table of Contents; Preface; Chapter 1: The Scope and Challenges of Security Automation; The purposes and myths of security automation; Myth 1 -- doesn't security testing require highly experienced pentesters?; Myth 2 -- isn't it time-consuming to build an automation framework?; Myth 3 -- there are no automation frameworks that are really feasible for security testing; The required skills and suggestions for security automation; General environment setup for coming labs; Summary; Questions; Further reading |
|
dc.description.tableofcontents |
Chapter 2: Integrating Security and Automation; The domains of automation testing and security testing; Automation frameworks and techniques; UI functional testing for web, mobile, and Windows; HTTP API testing; HTTP mock server; White-box search with GREP-like tools; Behavior-driven development testing frameworks; Testing data generators; Automating existing security testing; Security testing with an existing automation framework; Summary; Questions; Further reading; Chapter 3: Secure Code Inspection; Case study -- automating a secure code review; Secure coding scanning service -- SWAMP
|
dc.description.tableofcontents |
Step 1 -- adding a new package; Step 2 -- running the assessment; Step 3 -- viewing the results; Secure coding patterns for inspection; Quick and simple secure code scanning tools; Automatic secure code inspection script in Linux; Step 1 -- downloading the CRASS; Step 2 -- executing the code review audit scan; Step 3 -- reviewing the results; Automatic secure code inspection tools for Windows; Step 1 -- downloading VCG (Visual Code Grepper); Step 2 -- executing VCG; Step 3 -- reviewing the VCG scanning results; Case study -- XXE security; Case study -- deserialization security issue; Summary; Questions
|
dc.description.tableofcontents |
Further reading; Chapter 4: Sensitive Information and Privacy Testing; The objective of sensitive information testing; PII discovery; Sensitive information discovery; Privacy search tools; Case study -- weak encryption search; Step 1 -- installing The Silver Searcher; Step 2 -- executing the tool (using Windows as an example); Step 3 -- reviewing the results (using Windows as an example); Case study -- searching for a private key; Step 1 -- calculating the entropy; Step 2 -- searching for high-entropy strings; Step 3 -- reviewing the results; Case study -- website privacy inspection
|
dc.description.tableofcontents |
Step 1 -- visiting PrivacyScore or setting it up locally; Step 2 -- reviewing the results; Summary; Questions; Further reading; Chapter 5: Security API and Fuzz Testing; Automated security testing for every API release; Building your security API testing framework; Case study 1 -- basic -- web service testing with ZAP CLI; Step 1 -- OWASP ZAP download and launch with port 8090; Step 2 -- install the ZAP-CLI; Step 3 -- execute the testing under ZAP-CLI; Step 4 -- review the results; Case study 2 -- intermediate -- API testing with ZAP and JMeter; Step 1 -- download JMeter
|
dc.description.tableofcontents |
Step 2 -- define HTTP request for the login |
|
dc.language |
English |
|
dc.language.iso |
en |
|
dc.publisher |
Birmingham Packt Publishing Ltd |
|
dc.subject.other |
Computer security. |
|
dc.subject.other |
Computer software -- Development. |
|
dc.subject.other |
Electronic books. |
|
dc.title |
Practical Security Automation and Testing: Tools and Techniques for Automated Security Scanning and Testing in DevSecOps. |
|
dc.type |
Book |
|
dc.description.pages |
1 online resource (245 p.) |
|
dc.collection |
Electronic library systems |
|
dc.source.id |
EN05CEBSCO05C1348 |
|