If you are a system administrator or a DevOps engineer with responsibility for finding loop holes in your system or application, then this book is for you. It's also useful for security consultants looking to automate their infrastructure's security model.What You Will Learn
Security automation is one of the most interesting skills to have nowadays. Ansible allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat.
We'll start by covering various popular modules and writing simple playbooks to showcase those modules. You'll see how this can be applied over a variety of platforms and operating systems, whether they are Windows/Linux bare metal servers or containers on a cloud platform. Once the bare bones automation is in place, you'll learn how to leverage tools such as Ansible Tower or even Jenkins to create scheduled repeatable processes around security patching, security hardening, compliance reports, monitoring of systems, and so on.
Moving on, you'll delve into useful security automation techniques and approaches, and learn how to extend Ansible for enhanced security. While on the way, we will tackle topics like how to manage secrets, how to manage all the playbooks that we will create and how to enable collaboration using Ansible Galaxy. In the final stretch, we'll tackle how to extend the modules of Ansible for our use, and do all the previous tasks in a programmatic manner to get even more powerful automation frameworks and rigs.Style and approach
This comprehensive guide will teach you to manage Linux and Windows hosts remotely in a repeatable and predictable manner. The book takes an in-depth approach and helps you understand how to set up complicated stacks of software with codified and easy-to-share best practices.
Madhu Akula is a security ninja and security and devops researcher with extensive experience in the industry, ranging from client-facing assignments building scalable and secure infrastructure, to publishing industry-leading research to running training sessions for companies and governments alike. Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit ToorCon, DefCamp, SkydogCon, NolaCon, and null, and more. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in February 2016. When he's not working with Appsecco's clients or speaking at events, he's actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, and Opendocman. He's also a contributing bug hunter with Code Vigilant (a project to secure open source software). His research has identified many vulnerabilities in over 200 organizations including the U.S. Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, eBay, AT&T, Blackberry, Cisco, Barracuda, and more. He is also an active member of Bugcrowd, Hackerone, Synack, and more. Madhu has trained over 5000 people in information security for companies and organizations including the Indian Navy and the Ministry of e-services in a leading Gulf state.
Akash Mahajan is an accomplished security professional with over a decade's experience in providing specialist application and infrastructure consulting services at the highest levels to companies, governments, and organizations around the world. He has lots of experience in working with clients to provide innovative security insights that truly reflect the commercial and operational needs of the organization, from strategic advice to testing and analysis to incident response and recovery. He is an active participant in the international security community and a conference speaker both individually, as chapter lead of the Bangalore chapter of OWASP the global organization responsible for defining the standards for web application security and as a co-founder of NULL India's largest open security community. Akash runs Appsecco, a company focused on Application Security. He authored the book Burp Suite Essentials published by Packt Publishing in November 2014, which is listed as a reference by the creators of Burp Suite.
If you are a developer with prior knowledge of using Python for penetration testing and if you want an overview of scripting tasks to consider while penetration testing, this book will give you a lot of useful code for your toolkit.What You Will LearnLearn to configure Python in different environment setups.Find an IP address from a web page using BeautifulSoup and ScrapyDiscover different types of packet sniffing script to sniff network packetsMaster layer-2 and TCP/ IP attacksMaster techniques for exploit development for Windows and LinuxIncorporate various network- and packet-sniffing techniques using Raw sockets and ScrapyIn Detail
Penetration testing is the use of tools and code to attack a system in order to assess its vulnerabilities to external threats. Python allows pen testers to create their own tools. Since Python is a highly valued pen-testing language, there are many native libraries and Python bindings available specifically for pen-testing tasks.
Python Penetration Testing Cookbook begins by teaching you how to extract information from web pages. You will learn how to build an intrusion detection system using network sniffing techniques. Next, you will find out how to scan your networks to ensure performance and quality, and how to carry out wireless pen testing on your network to avoid cyber attacks. After that, we'll discuss the different kinds of network attack. Next, you'll get to grips with designing your own torrent detection program. We'll take you through common vulnerability scenarios and then cover buffer overflow exploitation so you can detect insecure coding. Finally, you'll master PE code injection methods to safeguard your network.Style and approach
This book takes a recipe-based approach to solving real-world problems in pen testing. It is structured in stages from the initial assessment of a system through exploitation to post-exploitation tests, and provides scripts that can be used or modified for in-depth penetration testing.
OMG’s Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, students will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect systems.
This book includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture, and code analysis guided by the assurance argument. A case study illustrates the steps of the System Assurance Methodology using automated tools.
This book is recommended for technologists from a broad range of software companies and related industries; security analysts, computer systems analysts, computer software engineers-systems software, computer software engineers- applications, computer and information systems managers, network systems and data communication analysts.Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance.Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.Case Study illustrating the steps of the System Assurance Methodology using automated tools.
Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.
This book will teach you to adopt security automation techniques to continuously improve your entire software development and security testing. You will learn to use open source tools and techniques to integrate security testing tools directly into your CI/CD framework. With this book, you will see how to implement security inspection at every layer, such as secure code inspection, fuzz testing, Rest API, privacy, infrastructure security, and web UI testing.
With the help of practical examples, this book will teach you to implement the combination of automation and Security in DevOps. You will learn about the integration of security testing results for an overall security status for projects.
By the end of this book, you will be confident implementing automation security in all layers of your software development stages and will be able to build your own in-house security automation platform throughout your mobile and cloud releases.What you will learnAutomate secure code inspection with open source tools and effective secure code scanning suggestionsApply security testing tools and automation frameworks to identify security vulnerabilities in web, mobile and cloud servicesIntegrate security testing tools such as OWASP ZAP, NMAP, SSLyze, SQLMap, and OpenSCAPImplement automation testing techniques with Selenium, JMeter, Robot Framework, Gauntlt, BDD, DDT, and Python unittestExecute security testing of a Rest API Implement web application security with open source tools and script templates for CI/CD integrationIntegrate various types of security testing tool results from a single project into one dashboardWho this book is for
The book is for software developers, architects, testers and QA engineers who are looking to leverage automated security testing techniques.
Mike Julian lays out a practical approach to designing and implementing effective monitoring—from your enterprise application down to the hardware in a datacenter, and everything between. Practical Monitoring provides you with straightforward strategies and tactics for designing and implementing a strong monitoring foundation for your company.
This book takes a unique vendor-neutral approach to monitoring. Rather than discuss how to implement specific tools, Mike teaches the principles and underlying mechanics behind monitoring so you can implement the lessons in any tool.
Practical Monitoring covers essential topics including:Monitoring antipatternsPrinciples of monitoring designHow to build an effective on-call rotationGetting metrics and logs out of your application
Authors Lorin Hochstein and René Moser show you how to write playbooks (Ansible’s configuration management scripts), manage remote servers, and explore the tool’s real power: built-in declarative modules. You’ll discover that Ansible has the functionality you need—and the simplicity you desire.Manage Windows machines, and automate network device configurationManage your fleet from your web browser with Ansible TowerUnderstand how Ansible differs from other configuration management systemsUse the YAML file format to write your own playbooksWork with a complete example to deploy a non-trivial applicationDeploy applications to Amazon EC2 and other cloud platformsCreate Docker images and deploy Docker containers with Ansible
This book is best read start to finish, with later chapters building on earlier ones. Because it’s written in a tutorial style, you can follow along on your own machine. Most examples focus on web applications.
ITIL is the most widely adopted approach for IT Service Management in the world, providing a practical, no-nonsense framework for identifying, planning, delivering, and supporting IT services to businesses. This study guide is the ultimate companion for certification candidates, giving you everything you need to know in a single informative volume.Review the information needed for all five Lifecycle exams Examine real-life examples of how these concepts are applied Gain a deeper understanding of each of the process areas Learn more about governance, organization, implementation, and more
The Intermediate ITIL Service Lifecycle exams expect you to demonstrate thorough knowledge of the concepts, processes, and functions related to the modules. The certification is recognized around the world as the de facto standard for IT Service Management, and the skills it requires increase your value to any business. For complete, detailed exam preparation, ITIL Certification Companion Study Guide for the Intermediate ITIL Service Lifecycle Exams is an invaluably effective tool.
Author Jeff Patton shows you how changeable story maps enable your team to hold better conversations about the project throughout the development process. Your team will learn to come away with a shared understanding of what you’re attempting to build and why.Get a high-level view of story mapping, with an exercise to learn key concepts quicklyUnderstand how stories really work, and how they come to life in Agile and Lean projectsDive into a story’s lifecycle, starting with opportunities and moving deeper into discoveryPrepare your stories, pay attention while they’re built, and learn from those you convert to working software
Authors Kelsey Hightower, Brendan Burns, and Joe Beda—who’ve worked on Kubernetes at Google and other organizatons—explain how this system fits into the lifecycle of a distributed application. You will learn how to use tools and APIs to automate scalable distributed systems, whether it is for online services, machine-learning applications, or a cluster of Raspberry Pi computers.Explore the distributed system challenges that Kubernetes addressesDive into containerized application development, using containers such as DockerCreate and run containers on Kubernetes, using the docker image format and container runtimeExplore specialized objects essential for running applications in productionReliably roll out new software versions without downtime or errorsGet examples of how to develop and deploy real-world applications in Kubernetes