Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Newsletter Hub

Free Learning

You're reading from Practical Security Automation and Testing Tools and techniques for automated security scanning and testing in DevSecOps

Product type Paperback

Published in Feb 2019

Last Updated in Feb 2025

Publisher Packt

ISBN-13 9781789802023

Length 256 pages

Edition 1st Edition

Languages

C++

Tools

JMeter

Concepts

Application Security

Author (1):

Hsu

View More author details

Table of Contents (19) Chapters

Preface

1. The Scope and Challenges of Security Automation FREE CHAPTER

2. Integrating Security and Automation

3. Secure Code Inspection

4. Sensitive Information and Privacy Testing

5. Security API and Fuzz Testing

6. Web Application Security Testing

7. Android Security Testing

8. Infrastructure Security

9. BDD Acceptance Security Testing

10. Project Background and Automation Approach

11. Automated Testing for Web Applications

12. Automated Fuzz API Security Testing

13. Automated Infrastructure Security

14. Managing and Presenting Test Results

15. Summary of Automation Security Testing Tips

16. List of Scripts and Tools

17. Solutions

18. Other Books You May Enjoy

Leave a review - let other readers know what you think

List of installed tools in virtual image

The password of the root is osboxes.org. Here are some of the tools installed in the VM and their usage:

Installed Tools	Description and Usage
`NodeGoat`	Vulnerable source code of NodeGoat project.
`0d1n`	This is used for fuzz testing. Use the keyword ^ for the fuzz testing data. `$ ./0d1n`
`androwarn`	It's a static code analyzer for malicious Android applications. `$ python androwarn.py --help`
`archerysec`	This is an Open Source Vulnerability Assessment and Management that helps developers and pentesters perform scans and manage vulnerabilities. `$ docker pull archerysec/archerysec` `$ docker run -it -p 8000:8000 archerysec/archerysec:latest`
`qark`	This is a Python tool to look for several security-related Android application vulnerabilities. `$python qarkMain.py`
`radamsa`	This is a dynamic fuzz data generator. `...`

The rest of the chapter is locked

Tech Concepts

Programming languages

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Hsu

Tony Hsiang-Chih Hsu is a senior security architect, software development manager, and project manager with more than 20 years' experience in security services technology. He has extensive experience of the Secure Software Development Lifecycle (SSDLC) in relation to activities including secure architecture/design review, secure code review, threat modeling, automated security testing, and cloud service inspection. He is also an in-house SDL trainer, having offered hands-on courses totaling in more than 300 hours. He is also the author of Hands-on Security in DevOps, and a co-author of several Open Web Application Security Project (OWASP) projects, including the OWASP testing guide, a proactive control guide, deserialization, cryptographic, and the XXE prevention cheatsheet.

See other products by Hsu