
Practical Security Automation and Testing : Tools and Techniques for Automated Security Scanning and Testing in DevSecOps.

Security automation is the automatic handling of software security assessment tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.

Bibliographic Details
Classification: Electronic Book
Main author: Hsu, Tony Hsiang-Chih
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing Ltd, 2019.
Subjects:
Online access: Full text

MARC

LEADER 00000cam a2200000Mi 4500
001 EBSCO_on1086130714
003 OCoLC
005 20231017213018.0
006 m o d
007 cr cnu---unuuu
008 190216s2019 enk ob 000 0 eng d
040 |a EBLCP  |b eng  |e pn  |c EBLCP  |d YDX  |d UKMGB  |d TEFOD  |d UKAHL  |d OCLCF  |d N$T  |d OCLCQ  |d K6U  |d OCLCO  |d OCLCQ  |d OCLCO 
015 |a GBB931007  |2 bnb 
016 7 |a 019253136  |2 Uk 
019 |a 1085784200  |a 1086270440  |a 1086672590  |a 1109817478 
020 |a 1789611695 
020 |a 9781789611694  |q (electronic bk.) 
020 |z 1789802024 
020 |z 9781789802023 
029 1 |a AU@  |b 000065066898 
029 1 |a UKMGB  |b 019253136 
029 1 |a AU@  |b 000068892058 
035 |a (OCoLC)1086130714  |z (OCoLC)1085784200  |z (OCoLC)1086270440  |z (OCoLC)1086672590  |z (OCoLC)1109817478 
037 |a 9781789611694  |b Packt Publishing 
037 |a 1EA0623F-F4AD-4542-81F2-BB78DE2D5201  |b OverDrive, Inc.  |n http://www.overdrive.com 
050 4 |a QA76.9.A25 
082 0 4 |a 005.8  |2 23 
049 |a UAMI 
100 1 |a Hsu, Tony Hsiang-Chih. 
245 1 0 |a Practical Security Automation and Testing :  |b Tools and Techniques for Automated Security Scanning and Testing in DevSecOps. 
260 |a Birmingham :  |b Packt Publishing Ltd,  |c 2019. 
300 |a 1 online resource (245 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
588 0 |a Print version record. 
505 0 |a Cover; Title Page; Copyright and Credits; About Packt; Contributors; Table of Contents; Preface; Chapter 1: The Scope and Challenges of Security Automation; The purposes and myths of security automation; Myth 1 -- doesn't security testing require highly experienced pentesters?; Myth 2 -- isn't it time-consuming to build an automation framework?; Myth 3 -- there are no automation frameworks that are really feasible for security testing; The required skills and suggestions for security automation; General environment setup for coming labs; Summary; Questions; Further reading 
505 8 |a Chapter 2: Integrating Security and Automation; The domains of automation testing and security testing; Automation frameworks and techniques; UI functional testing for web, mobile, and windows; HTTP API testing; HTTP mock server; White-box search with GREP-like tools; Behavior-driven development testing frameworks; Testing data generators; Automating existing security testing; Security testing with an existing automation framework; Summary; Questions; Further reading; Chapter 3: Secure Code Inspection; Case study -- automating a secure code review; Secure coding scanning service -- SWAMP 
505 8 |a Step 1 -- adding a new package; Step 2 -- running the assessment; Step 3 -- viewing the results; Secure coding patterns for inspection; Quick and simple secure code scanning tools; Automatic secure code inspection script in Linux; Step 1 -- downloading the CRASS; Step 2 -- executing the code review audit scan; Step 3 -- reviewing the results; Automatic secure code inspection tools for Windows; Step -- downloading VCG (Visual Code Grepper); Step 2: Executing VCG; Step 3: Reviewing the VCG scanning results; Case study -- XXE security; Case study -- deserialization security issue; Summary; Questions 
505 8 |a Further reading; Chapter 4: Sensitive Information and Privacy Testing; The objective of sensitive information testing; PII discovery; Sensitive information discovery; Privacy search tools; Case study -- weak encryption search; Step 1 -- installing The Silver Searcher; Step 2 -- executing the tool (using Windows as an example); Step 3 -- reviewing the results (using Windows as an example); Case study -- searching for a private key; Step 1 -- calculating the entropy; Step 2 -- Searching for high-entropy strings; Step 3 -- Reviewing the results; Case study -- website privacy inspection 
505 8 |a Step 1 -- visiting PrivacyScore or setting it up locally; Step 2 -- reviewing the results; Summary; Questions; Further reading; Chapter 5: Security API and Fuzz Testing; Automated security testing for every API release; Building your security API testing framework; Case study 1 -- basic -- web service testing with ZAP CLI; Step 1 -- OWASP ZAP download and launch with port 8090; Step 2 -- install the ZAP-CLI; Step 3 -- execute the testing under ZAP-CLI; Step 4 -- review the results; Case study 2 -- intermediate -- API testing with ZAP and JMeter; Step 1 -- download JMeter 
505 8 |a Step 2 -- define HTTP request for the login 
520 |a Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention. 
504 |a Includes bibliographical references. 
590 |a eBooks on EBSCOhost  |b EBSCO eBook Subscription Academic Collection - Worldwide 
650 0 |a Computer security. 
650 0 |a Computer software  |x Development. 
650 6 |a Sécurité informatique. 
650 7 |a Computer security  |2 fast 
650 7 |a Computer software  |x Development  |2 fast 
776 0 8 |i Print version:  |a Hsu, Tony Hsiang-Chih.  |t Practical Security Automation and Testing : Tools and Techniques for Automated Security Scanning and Testing in DevSecOps.  |d Birmingham : Packt Publishing Ltd, ©2019  |z 9781789802023 
856 4 0 |u https://ebsco.uam.elogim.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2022989  |z Texto completo 
938 |a Askews and Holts Library Services  |b ASKH  |n AH35894995 
938 |a ProQuest Ebook Central  |b EBLB  |n EBL5679416 
938 |a EBSCOhost  |b EBSC  |n 2022989 
938 |a YBP Library Services  |b YANK  |n 16044695 
994 |a 92  |b IZTAP