This is the code repository for Practical Security Automation and Testing, published by Packt.
Tools and techniques for automated security scanning and testing in DevSecOps
Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.
This book covers the following exciting features:
- Automate secure code inspection with open source tools and effective secure code scanning suggestions
- Apply security testing tools and automation frameworks to identify security vulnerabilities in web, mobile and cloud services
- Integrate security testing tools such as OWASP ZAP, NMAP, SSLyze, SQLMap, and OpenSCAP
- Implement automation testing techniques with Selenium, JMeter, Robot Framework, Gauntlt, BDD, DDT, and Python unittest
- Execute security testing of a Rest API Implement web application security with open source tools and script templates for CI/CD integration
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter02.
The code will look like the following:
saxReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
saxReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
saxReader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
Following is what you need for this book: The book is for software developers, architects, testers and QA engineers who are looking to leverage automated security testing techniques.
With the following software and hardware list you can run all code files present in the book (Chapter 1-15).
| Chapter | Software required | OS required |
|---|---|---|
| 1-15 | Virtual machine | Windows, Mac OS X, and Linux (Any) |
| 1-15 | ZAP | Windows, Mac OS X, and Linux (Any) |
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. Click here to download it.
Tony Hsiang-Chih Hsu is a senior security architect, software development manager, and project manager with more than 20 years' experience in security services technology. He has extensive experience of the Secure Software Development Lifecycle (SSDLC) in relation to activities including secure architecture/design review, secure code review, threat modeling, automated security testing, and cloud service inspection. He is also an in-house SDL trainer, having offered hands-on courses totaling in more than 300 hours. He is also the author of Hands-on Security in DevOps, and a co-author of several Open Web Application Security Project (OWASP) projects, including the OWASP testing guide, a proactive control guide, deserialization, cryptographic, and the XXE prevention cheatsheet.
Click here if you have any feedback or suggestions.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent