The scope of infrastructure security testing covers the known vulnerable components inspection, secure configurations, and secure communication protocols. In addition to the uses of tools, the industry organization best practices, including CIS benchmarks, STIG, and OpenSCAP are also introduced.
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- The Scope and Challenges of Security Automation
- Integrating Security and Automation
- Secure Code Inspection
- Case study – automating a secure code review
- Secure coding patterns for inspection
- Quick and simple secure code scanning tools
- Case study – XXE security
- Case study – deserialization security issue
- Summary
-  Questions
- Further reading
- Sensitive Information and Privacy Testing
- Security API and Fuzz Testing
- Automated security testing for every API release
- Building your security API testing framework
- Summary
- Questions
- Further reading
- Web Application Security Testing
- Case study – online shopping site for automated security inspection
- Case 1 – web security testing using the ZAP REST API
- Case 2 – full automation with CURL and the ZAP daemon
- Case 3 – automated security testing for the user registration flow with Selenium
- Summary
- Questions
- Further reading
- Android Security Testing
- Infrastructure Security
- The scope of infrastructure security
- Secure configuration best practices
- Network security assessments with Nmap
- CVE vulnerability scanning
- HTTPS security check with SSLyze
- Behavior-driven security automation – Gauntlt
- Summary
- Questions
- Further reading
- BDD Acceptance Security Testing
- Project Background and Automation Approach
- Automated Testing for Web Applications
- Automated Fuzz API Security Testing
- Fuzz testing and data
- API fuzz testing with Automation Frameworks
- Summary
- Questions
- Further reading
- Automated Infrastructure Security
- Managing and Presenting Test Results
- Summary of Automation Security Testing Tips
- List of Scripts and Tools
- Solutions
- Chapter 1: The Scope and Challenges of Security Automation
- Chapter 2: Integrating Security and Automation
- Chapter 3: Secure Code Inspection
- Chapter 4: Sensitive Information and Privacy Testing
- Chapter 5: Security API and Fuzz Testing
- Chapter 6: Web Application Security Testing
- Chapter 7: Android Security Testing
- Chapter 8: Infrastructure Security
- Chapter 9: BDD Acceptance Security Testing
- Chapter 10: Project Background and Automation Approach
- Chapter 11: Automated Testing for Web Applications
- Chapter 12: Automated Fuzz API Security Testing
- Chapter 13: Automated Infrastructure Security
- Chapter 14: Managing and Presenting Test Results
- Other Books You May Enjoy
Infrastructure security
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.