In this approach, we use several security testing tools to do security testing with XML outputs. These XML outputs will be imported into a defect management service, OWASP DefectDojo in our demonstration. The security defect management web service will help to consolidate all the testing results in one security dashboard, or even generate a summary report. Follow the steps to learn how to apply OWASP DefectDojo to manage your security findings.
Approach 3 – security findings management DefectDojo
by Tony Hsiang-Chih Hsu
Practical Security Automation and Testing
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- The Scope and Challenges of Security Automation
- Integrating Security and Automation
- Secure Code Inspection
- Case study – automating a secure code review
- Secure coding patterns for inspection
- Quick and simple secure code scanning tools
- Case study – XXE security
- Case study – deserialization security issue
- Summary
-  Questions
- Further reading
- Sensitive Information and Privacy Testing
- Security API and Fuzz Testing
- Automated security testing for every API release
- Building your security API testing framework
- Summary
- Questions
- Further reading
- Web Application Security Testing
- Case study – online shopping site for automated security inspection
- Case 1 – web security testing using the ZAP REST API
- Case 2 – full automation with CURL and the ZAP daemon
- Case 3 – automated security testing for the user registration flow with Selenium
- Summary
- Questions
- Further reading
- Android Security Testing
- Infrastructure Security
- The scope of infrastructure security
- Secure configuration best practices
- Network security assessments with Nmap
- CVE vulnerability scanning
- HTTPS security check with SSLyze
- Behavior-driven security automation – Gauntlt
- Summary
- Questions
- Further reading
- BDD Acceptance Security Testing
- Project Background and Automation Approach
- Automated Testing for Web Applications
- Automated Fuzz API Security Testing
- Fuzz testing and data
- API fuzz testing with Automation Frameworks
- Summary
- Questions
- Further reading
- Automated Infrastructure Security
- Managing and Presenting Test Results
- Summary of Automation Security Testing Tips
- List of Scripts and Tools
- Solutions
- Chapter 1: The Scope and Challenges of Security Automation
- Chapter 2: Integrating Security and Automation
- Chapter 3: Secure Code Inspection
- Chapter 4: Sensitive Information and Privacy Testing
- Chapter 5: Security API and Fuzz Testing
- Chapter 6: Web Application Security Testing
- Chapter 7: Android Security Testing
- Chapter 8: Infrastructure Security
- Chapter 9: BDD Acceptance Security Testing
- Chapter 10: Project Background and Automation Approach
- Chapter 11: Automated Testing for Web Applications
- Chapter 12: Automated Fuzz API Security Testing
- Chapter 13: Automated Infrastructure Security
- Chapter 14: Managing and Presenting Test Results
- Other Books You May Enjoy
Approach 3 – security findings management DefectDojo
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.