July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Summary
In this chapter, we learned about the security practices that take place during the continuous integration cycle in the coding, building, testing, and production deployment phases. For the development stage, we perform secure code scanning, secure compiling checks, and also vulnerable third-party component review. For the static code analysis, we also introduced some of the open source scanning tools for different programming languages. We have also learned how to enable compile-time defenses against buffer overflows, such as ASLR and NX.
For web security testing, we introduced testing approaches in proactive and proxy modes and discussed web automation testing tips to improve the testing effectiveness in terms of business logic, ...