book

Security Automation with Ansible 2

by Akash Mahajan, MADHU AKULA

December 2017

Intermediate to advanced

364 pages

7h 30m

English

Packt Publishing

Read now

Unlock full access

Content preview from Security Automation with Ansible 2

Testing web APIs

Similar to the ZAP Baseline scan, the fine folks behind ZAP provide a script as part of their live and weekly Docker images. We can use it to run scans against API endpoints defined either by OpenAPI specification or Simple Object Access Protocol (SOAP).

The script can understand the API specifications and import all the definitions. Based on this, it runs an active scan against all the URLs found:

- name: Running OWASP ZAP API Scan  hosts: zap  remote_user: "{{ remote_user_name }}"  gather_facts: no  become: yes  vars:    remote_user_name: ubuntu    owasp_zap_image_name: owasp/zap2docker-weekly    website_url: {{ website_url }}    reports_location: /zapdata/    scan_name: owasp-zap-api-scan-dvws    api_type: openapi>  tasks:    - name: adding write ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Implementing DevOps with Ansible 2

Jonathan McAllister

Practical Ansible 2

Daniel Oh, James Freeman, Fabio Alessandro Locati

Learning Ansible 2 - Second Edition

Fabio Alessandro Locati

Practical Security Automation and Testing

Tony Hsiang-Chih Hsu

Publisher Resources

ISBN: 9781788394512Supplemental Content