book

Hands-On Security in DevOps

by Tony Hsiang-Chih Hsu

July 2018

Intermediate to advanced

356 pages

9h 18m

English

Packt Publishing

Read now

Unlock full access

Content preview from Hands-On Security in DevOps

Struts security strings search in struts.xml and API

This list of keywords directly related to the struts security issues will help us to use a search tool (such as drek or Graudit) to locate and to identify the issue; take a look at the following table:

Struts security	Keyword search in bold
Development mode	`struts.devMode`. Review tips: The suggested value should be false in `struts.xml`.
Dynamic method invocation	`struts.enable.DynamicMethodInvocation`. Review tips: The suggested value should be false in `struts.xml`.
OGNL static method access	`struts.ognl.allowStaticMethodAccess`. Review tips: The suggested value should be false in `struts.xml`.
File upload	`Allowedtypes`. `maximumSize`. `allowedExtensions`. Review tips

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Securing DevOps

Julien Vehent

Kubernetes Security

Liz Rice, Michael Hausenblas

Three Essentials for Agentic AI Security

Paolo Dal Cin, Daniel Kendzior, Yusof Seedat, Renato Marinho

Security Automation with Ansible 2

Akash Mahajan, MADHU AKULA

Publisher Resources

ISBN: 9781788995504Other