In this chapter, we introduced our security testing project, NodeGoat. We also discussed the security tool selection criteria we should consider when building a security automation framework. A security automation framework typically includes security testing tools, a web service, testing results, an automation framework (such as Robot Framework), automation scripts, and security payloads. In coming chapters, we will learn how to complete the testing automation framework and demonstrate automated testing for the NodeGoat website, fuzz API security testing, and infrastructure security testing.
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- The Scope and Challenges of Security Automation
- Integrating Security and Automation
- Secure Code Inspection
- Case study – automating a secure code review
- Secure coding patterns for inspection
- Quick and simple secure code scanning tools
- Case study – XXE security
- Case study – deserialization security issue
- Summary
-  Questions
- Further reading
- Sensitive Information and Privacy Testing
- Security API and Fuzz Testing
- Automated security testing for every API release
- Building your security API testing framework
- Summary
- Questions
- Further reading
- Web Application Security Testing
- Case study – online shopping site for automated security inspection
- Case 1 – web security testing using the ZAP REST API
- Case 2 – full automation with CURL and the ZAP daemon
- Case 3 – automated security testing for the user registration flow with Selenium
- Summary
- Questions
- Further reading
- Android Security Testing
- Infrastructure Security
- The scope of infrastructure security
- Secure configuration best practices
- Network security assessments with Nmap
- CVE vulnerability scanning
- HTTPS security check with SSLyze
- Behavior-driven security automation – Gauntlt
- Summary
- Questions
- Further reading
- BDD Acceptance Security Testing
- Project Background and Automation Approach
- Automated Testing for Web Applications
- Automated Fuzz API Security Testing
- Fuzz testing and data
- API fuzz testing with Automation Frameworks
- Summary
- Questions
- Further reading
- Automated Infrastructure Security
- Managing and Presenting Test Results
- Summary of Automation Security Testing Tips
- List of Scripts and Tools
- Solutions
- Chapter 1: The Scope and Challenges of Security Automation
- Chapter 2: Integrating Security and Automation
- Chapter 3: Secure Code Inspection
- Chapter 4: Sensitive Information and Privacy Testing
- Chapter 5: Security API and Fuzz Testing
- Chapter 6: Web Application Security Testing
- Chapter 7: Android Security Testing
- Chapter 8: Infrastructure Security
- Chapter 9: BDD Acceptance Security Testing
- Chapter 10: Project Background and Automation Approach
- Chapter 11: Automated Testing for Web Applications
- Chapter 12: Automated Fuzz API Security Testing
- Chapter 13: Automated Infrastructure Security
- Chapter 14: Managing and Presenting Test Results
- Other Books You May Enjoy
Summary
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.