0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Newsletter Hub

Free Learning

Practical Security Automation and Testing

You're reading from Practical Security Automation and Testing Tools and techniques for automated security scanning and testing in DevSecOps

Product type Paperback

Published in Feb 2019

Publisher Packt

ISBN-13 9781789802023

Length 256 pages

Edition 1st Edition

Languages

C++

Tools

JMeter

Concepts

Application Security

Author (1):

Hsu

View More author details

Table of Contents (20) Chapters

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

1. The Scope and Challenges of Security Automation FREE CHAPTER

2. Integrating Security and Automation

3. Secure Code Inspection

4. Sensitive Information and Privacy Testing

5. Security API and Fuzz Testing

6. Web Application Security Testing

7. Android Security Testing

8. Infrastructure Security

9. BDD Acceptance Security Testing

10. Project Background and Automation Approach

11. Automated Testing for Web Applications

12. Automated Fuzz API Security Testing

13. Automated Infrastructure Security

14. Managing and Presenting Test Results

15. Summary of Automation Security Testing Tips

Questions

Which one of the followings is not used for security data payloads source?
1. FuzzDB
2. SecLists
3. CURL
4. Naughty Strings
Which one can be used to send HTTP requests?
1. JMeter
2. Python Requests
3. CURL
4. All of above
Which one of the ZAP-CLI commands can be used to trigger the security assessments?
1. ZAP-CLI spider
2. ZAP-CLI quick-scan
3. ZAP-CLI active-scan
4. All of above
In JMeter, what element is used to read the CSV values?
1. CSV Data Set Config
2. HTTP Request
3. View Results Tree
4. Thread Group
What will the ZAP API do?
1. View the testing results?
2. Trigger a testing
3. Spider a website

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Authors (1)

Hsu

Hsu

Tony Hsiang-Chih Hsu is a senior security architect, software development manager, and project manager with more than 20 years' experience in security services technology. He has extensive experience of the Secure Software Development Lifecycle (SSDLC) in relation to activities including secure architecture/design review, secure code review, threat modeling, automated security testing, and cloud service inspection. He is also an in-house SDL trainer, having offered hands-on courses totaling in more than 300 hours. He is also the author of Hands-on Security in DevOps, and a co-author of several Open Web Application Security Project (OWASP) projects, including the OWASP testing guide, a proactive control guide, deserialization, cryptographic, and the XXE prevention cheatsheet.

See other products by Hsu

Other recommended products

Related to this chapter

Hands-On Security in DevOps

Hands-On Security in DevOps

Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training.

Jul 2018 11h 52m

Security Automation with Ansible 2

Security Automation with Ansible 2

Security automation is one of the most interesting skills to have nowadays. With over 750 automation modules, Ansible makes it easy for you to secure any part of your system—be it setting firewalls, providing authentication to users and groups, or setting custom security policies. It allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat.

Dec 2017 12h 8m

Performance Testing with JMeter 3

Performance Testing with JMeter 3

JMeter is a Java application designed to load and test performance for a web application. JMeter extends to improve the functioning of various other static and dynamic resources. This book is a great starting point to learn about JMeter. It covers the new features introduced with JMeter 3 and enables you to dive deep into the new techniques needed for measuring your website performance

Jul 2017 5h 32m

IoT Penetration Testing Cookbook

IoT Penetration Testing Cookbook

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices. You will learn how to identify vulnerabilities in IoT device architecture and firmware using software and hardware pentesting techniques, and you'll also focus on various IoT exploitation techniques and security automation.

Nov 2017 15h 4m

Kali Linux Web Penetration Testing Cookbook

Kali Linux Web Penetration Testing Cookbook

Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.

Aug 2018 13h 28m

Web Penetration Testing with Kali Linux

Web Penetration Testing with Kali Linux

This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.

Feb 2018 14h 12m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for the CompTIA CySA+ (CS0-003) exam with this guide covering security operations, incident response, and vulnerability management. Reinforce learning with interactive labs, exam-style questions, two practice exams, and targeted flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 28m