There are some industry security practices we can refer to for the secure configuration of the infrastructure. Here we will introduce three practices: the Center for Internet Security benchmarks, Security Technical Implementation Guides (STIGs), and the OpenSCAP Security Guide.
Secure configuration best practices
by Tony Hsiang-Chih Hsu
Practical Security Automation and Testing
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- The Scope and Challenges of Security Automation
- Integrating Security and Automation
- Secure Code Inspection
- Case study – automating a secure code review
- Secure coding patterns for inspection
- Quick and simple secure code scanning tools
- Case study – XXE security
- Case study – deserialization security issue
- Summary
-  Questions
- Further reading
- Sensitive Information and Privacy Testing
- Security API and Fuzz Testing
- Automated security testing for every API release
- Building your security API testing framework
- Summary
- Questions
- Further reading
- Web Application Security Testing
- Case study – online shopping site for automated security inspection
- Case 1 – web security testing using the ZAP REST API
- Case 2 – full automation with CURL and the ZAP daemon
- Case 3 – automated security testing for the user registration flow with Selenium
- Summary
- Questions
- Further reading
- Android Security Testing
- Infrastructure Security
- The scope of infrastructure security
- Secure configuration best practices
- Network security assessments with Nmap
- CVE vulnerability scanning
- HTTPS security check with SSLyze
- Behavior-driven security automation – Gauntlt
- Summary
- Questions
- Further reading
- BDD Acceptance Security Testing
- Project Background and Automation Approach
- Automated Testing for Web Applications
- Automated Fuzz API Security Testing
- Fuzz testing and data
- API fuzz testing with Automation Frameworks
- Summary
- Questions
- Further reading
- Automated Infrastructure Security
- Managing and Presenting Test Results
- Summary of Automation Security Testing Tips
- List of Scripts and Tools
- Solutions
- Chapter 1: The Scope and Challenges of Security Automation
- Chapter 2: Integrating Security and Automation
- Chapter 3: Secure Code Inspection
- Chapter 4: Sensitive Information and Privacy Testing
- Chapter 5: Security API and Fuzz Testing
- Chapter 6: Web Application Security Testing
- Chapter 7: Android Security Testing
- Chapter 8: Infrastructure Security
- Chapter 9: BDD Acceptance Security Testing
- Chapter 10: Project Background and Automation Approach
- Chapter 11: Automated Testing for Web Applications
- Chapter 12: Automated Fuzz API Security Testing
- Chapter 13: Automated Infrastructure Security
- Chapter 14: Managing and Presenting Test Results
- Other Books You May Enjoy
Secure configuration best practices
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.