This book is aimed at software developers, architects, testers, and QA engineers looking to build automated security testing frameworks alongside their existing Continuous Integration (CI) frameworks to achieve security quality in the software development and testing cycle.
It will teach you how to adopt security automation techniques to continuously improve your entire software development and security testing cycle. This book aims to combine security and automation to protect web and cloud services. This practical guide will teach you how to use open source tools and techniques to integrate security testing tools directly into your CI/Continuous Delivery (CD) framework. It will also show you how to implement security inspection at every layer, such as secure code inspection, fuzz testing, REST API testing, privacy testing, infrastructure security testing, and fuzz testing. With the help of practical examples, it will also teach you how to implement a combination of automation and security in DevOps. Furthermore, it will cover topics on the integration of security testing results so that you can gain an overview of the overall security status of your projects.
This book best fits those in the following roles and scenarios:
- Developers who are not familiar with secure coding rules, but need effective and automated secure code inspection with existing CI/CD integration.
- Development and QA teams who would like to perform security automation at different levels, such as the API, fuzz, functional, and infrastructure levels, but may have a gap to bridge in order to achieve automated security testing.
- Security team members who are finding that the testing output of their various security testing tools is not easily understood by non-security testing teams. In such cases, a universally recognizable security testing report is needed so that everyone can understand the overall security status of a project. (For these cases, behavior-driven and acceptance testing frameworks will be introduced.)
By the end of this book, you will be well versed in implementing automation security at all stages of your software development cycle, and will also have learned how to build your own in-house security automation platform for your cloud releases.
