|
|
|
|
LEADER |
00000cam a2200000Mi 4500 |
001 |
EBSCO_on1086130714 |
003 |
OCoLC |
005 |
20231017213018.0 |
006 |
m o d |
007 |
cr cnu---unuuu |
008 |
190216s2019 enk ob 000 0 eng d |
040 |
|
|
|a EBLCP
|b eng
|e pn
|c EBLCP
|d YDX
|d UKMGB
|d TEFOD
|d UKAHL
|d OCLCF
|d N$T
|d OCLCQ
|d K6U
|d OCLCO
|d OCLCQ
|d OCLCO
|
015 |
|
|
|a GBB931007
|2 bnb
|
016 |
7 |
|
|a 019253136
|2 Uk
|
019 |
|
|
|a 1085784200
|a 1086270440
|a 1086672590
|a 1109817478
|
020 |
|
|
|a 1789611695
|
020 |
|
|
|a 9781789611694
|q (electronic bk.)
|
020 |
|
|
|z 1789802024
|
020 |
|
|
|z 9781789802023
|
029 |
1 |
|
|a AU@
|b 000065066898
|
029 |
1 |
|
|a UKMGB
|b 019253136
|
029 |
1 |
|
|a AU@
|b 000068892058
|
035 |
|
|
|a (OCoLC)1086130714
|z (OCoLC)1085784200
|z (OCoLC)1086270440
|z (OCoLC)1086672590
|z (OCoLC)1109817478
|
037 |
|
|
|a 9781789611694
|b Packt Publishing
|
037 |
|
|
|a 1EA0623F-F4AD-4542-81F2-BB78DE2D5201
|b OverDrive, Inc.
|n http://www.overdrive.com
|
050 |
|
4 |
|a QA76.9.A25
|
082 |
0 |
4 |
|a 005.8
|2 23
|
049 |
|
|
|a UAMI
|
100 |
1 |
|
|a Hsu, Tony Hsiang-Chih.
|
245 |
1 |
0 |
|a Practical Security Automation and Testing :
|b Tools and Techniques for Automated Security Scanning and Testing in DevSecOps.
|
260 |
|
|
|a Birmingham :
|b Packt Publishing Ltd,
|c 2019.
|
300 |
|
|
|a 1 online resource (245 pages)
|
336 |
|
|
|a text
|b txt
|2 rdacontent
|
337 |
|
|
|a computer
|b c
|2 rdamedia
|
338 |
|
|
|a online resource
|b cr
|2 rdacarrier
|
588 |
0 |
|
|a Print version record.
|
505 |
0 |
|
|a Cover; Title Page; Copyright and Credits; About Packt; Contributors; Table of Contents; Preface; Chapter 1: The Scope and Challenges of Security Automation; The purposes and myths of security automation; Myth 1 -- doesn't security testing require highly experienced pentesters?; Myth 2 -- isn't it time-consuming to build an automation framework?; Myth 3 -- there are no automation frameworks that are really feasible for security testing; The required skills and suggestions for security automation; General environment setup for coming labs; Summary; Questions; Further reading
|
505 |
8 |
|
|a Chapter 2: Integrating Security and Automation; The domains of automation testing and security testing; Automation frameworks and techniques; UI functional testing for web, mobile, and windows; HTTP API testing; HTTP mock server; White-box search with GREP-like tools; Behavior-driven development testing frameworks; Testing data generators; Automating existing security testing; Security testing with an existing automation framework; Summary; Questions; Further reading; Chapter 3: Secure Code Inspection; Case study -- automating a secure code review; Secure coding scanning service -- SWAMP
|
505 |
8 |
|
|a Step 1 -- adding a new package; Step 2 -- running the assessment; Step 3 -- viewing the results; Secure coding patterns for inspection; Quick and simple secure code scanning tools; Automatic secure code inspection script in Linux; Step 1 -- downloading the CRASS; Step 2 -- executing the code review audit scan; Step 3 -- reviewing the results; Automatic secure code inspection tools for Windows; Step -- downloading VCG (Visual Code Grepper); Step 2: Executing VCG; Step 3: Reviewing the VCG scanning results; Case study -- XXE security; Case study -- deserialization security issue; Summary; Questions
|
505 |
8 |
|
|a Further reading; Chapter 4: Sensitive Information and Privacy Testing; The objective of sensitive information testing; PII discovery; Sensitive information discovery; Privacy search tools; Case study -- weak encryption search; Step 1 -- installing The Silver Searcher; Step 2 -- executing the tool (using Windows as an example); Step 3 -- reviewing the results (using Windows as an example); Case study -- searching for a private key; Step 1 -- calculating the entropy; Step 2 -- Searching for high-entropy strings; Step 3 -- Reviewing the results; Case study -- website privacy inspection
|
505 |
8 |
|
|a Step 1 -- visiting PrivacyScore or setting it up locally; Step 2 -- reviewing the results; Summary; Questions; Further reading; Chapter 5: Security API and Fuzz Testing; Automated security testing for every API release; Building your security API testing framework; Case study 1 -- basic -- web service testing with ZAP CLI; Step 1 -- OWASP ZAP download and launch with port 8090; Step 2 -- install the ZAP-CLI; Step 3 -- execute the testing under ZAP-CLI; Step 4 -- review the results; Case study 2 -- intermediate -- API testing with ZAP and JMeter; Step 1 -- download JMeter
|
505 |
8 |
|
|a Step 2 -- define HTTP request for the login
|
520 |
|
|
|a Security automation is the automatic handling of software security assessment tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.
|
504 |
|
|
|a Includes bibliographical references.
|
590 |
|
|
|a eBooks on EBSCOhost
|b EBSCO eBook Subscription Academic Collection - Worldwide
|
650 |
|
0 |
|a Computer security.
|
650 |
|
0 |
|a Computer software
|x Development.
|
650 |
|
6 |
|a Sécurité informatique.
|
650 |
|
7 |
|a Computer security
|2 fast
|
650 |
|
7 |
|a Computer software
|x Development
|2 fast
|
776 |
0 |
8 |
|i Print version:
|a Hsu, Tony Hsiang-Chih.
|t Practical Security Automation and Testing : Tools and Techniques for Automated Security Scanning and Testing in DevSecOps.
|d Birmingham : Packt Publishing Ltd, ©2019
|z 9781789802023
|
856 |
4 |
0 |
|u https://ebsco.uam.elogim.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2022989
|z Full text
|
938 |
|
|
|a Askews and Holts Library Services
|b ASKH
|n AH35894995
|
938 |
|
|
|a ProQuest Ebook Central
|b EBLB
|n EBL5679416
|
938 |
|
|
|a EBSCOhost
|b EBSC
|n 2022989
|
938 |
|
|
|a YBP Library Services
|b YANK
|n 16044695
|
994 |
|
|
|a 92
|b IZTAP
|