Hacking and Security

Software Testing. Fundamentals - Viktor Vladimirovich Zakharov

2024
russian

 Immerse yourself in the fascinating world of software testing with a book that is a true concentrate of pure knowledge for beginners and professionals alike! The author shares the secrets of the craft, describing in detail more than 15 types of testing and more than 20 test design methods (test design techniques). And that is only the tip of the iceberg of knowledge presented in the book. You will be amazed by the depth of the information and by discovering knowledge, gathered in one place, that you never even suspected existed. The book is packed with valuable advice based on practical experience. Numerous examples will help you master the material presented in the book more quickly. Armed with the knowledge from this book, you will confidently navigate the nuances of software testing and easily apply that knowledge in practice! The book can rightly be considered a desk reference for the testing specialist.


Testing Web APIs - Mark Winteringham

2024
russian

 Web interfaces are the face of an application, and they must be flawless. Introducing an automated testing program is the best way to make sure your APIs are ready for work.
 "Testing Web APIs" is a unique practical guide that covers every stage: from the initial design of a test suite to methods for documenting, implementing, and delivering high-quality APIs. You will get to know an extensive set of testing methods, from exploratory testing to testing production code, and learn how to save time through automation using standard tools. The book will help you avoid many of the difficulties of API testing.


ISTQB® Certified Tester Foundation Level - Adam Roman, Lucjan Stapp, Michaël Pilaeten

2024
english

 This book is aimed at everyone preparing for the ISTQB® Certified Tester – Foundation Level exam based on the Foundation Level syllabus (version 4.0) published in 2023. It provides candidates with reliable knowledge based on this document and thus distinguishes itself from all the information about ISTQB® syllabi and exams on the Internet, which is often of rather poor quality and may even contain serious errors.

 The book expands and details many issues that are described in the new 2023 version of the syllabus in a perfunctory or general way only. According to the ISTQB® guidelines for syllabus-based training, an exercise must be provided for each learning objective at the K3 level, and a practical example must be provided for each objective at the K2 or K3 level. In order to satisfy these requirements, the authors prepared numerous exercises and examples for all learning objectives at these levels. In addition, for each learning objective, one or more sample exam questions are presented which are similar to those that the candidate will see in the exam. This makes the book an excellent aid for studying and preparing for the exam and verifying acquired knowledge.


Bug Bounty Decoded: Unraveling the Mysteries of Ethical Hacking Rewards - Vincent Curtis

2023
english

Welcome to "Bug Bounty Decoded: Unraveling the Mysteries of Ethical Hacking Rewards." In the pages that follow, we embark on a journey into the heart of cybersecurity's cutting edge, where hackers transform into heroes, and the vulnerabilities they uncover are a catalyst for digital progress. This book is your roadmap to understanding the world of bug bounties – a landscape that transcends mere technology, encompassing psychology, ethics, collaboration, and the relentless pursuit of knowledge. From the early days of security testing to the intricate art of ethical hacking, each chapter will guide you through the multifaceted dimensions of this thrilling field. We will explore the mindset of the bug hunter – the amalgamation of persistence, creativity, and a passion for problem-solving that drives them forward. Equipped with this mindset, we will delve into the process of discovering vulnerabilities, from the initial reconnaissance to the delicate dance of responsible disclosure. We will venture into the world of bug bounty platforms, where the right combination of strategy and tenacity can lead to substantial rewards. Yet, as with any endeavor, challenges abound. We will confront the frustrations of false positives, navigate the legal and ethical nuances, and uncover the power of collaboration within a vibrant community of like-minded individuals. The stories within these pages will introduce you to the pioneers who have shaped the landscape of ethical hacking, recounting their victories, challenges, and the lessons they've learned along the way. We will examine the delicate balance between revealing vulnerabilities and maintaining the integrity of systems, exploring the ethical considerations that guide this critical pursuit. As we peer into the future, we will speculate on the ever-evolving role of ethical hackers in a world perpetually teetering on the edge of innovation. 
Through the trials, triumphs, and transformative potential of bug bounty programs, you will gain a comprehensive understanding of the ethical hacking landscape and the extraordinary individuals who populate it. So, buckle up and prepare to embark on a journey that melds technology with humanity, curiosity with security, and innovation with responsibility. "Bug Bounty Decoded: Unraveling the Mysteries of Ethical Hacking Rewards" is your passport to a realm where knowledge is power, and every vulnerability uncovered is a step toward a safer digital world. Let's decode the mysteries together.


Defending APIs - Colin Domoney

2024
english

 Along with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with innovative approaches and techniques designed to combat API-specific safety challenges.

 The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios.

 Guided by clear step-by-step instructions, you'll explore offensive techniques for testing vulnerabilities, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you're learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up.

 By the end of this book, you'll have the expertise to develop secure APIs and test them against various cyber threats targeting APIs.

What You Will Learn:

  • Explore the core elements of APIs and their collaborative role in API development
  • Understand the OWASP API Security Top 10, dissecting the root causes of API vulnerabilities
  • Obtain insights into high-profile API security breaches with practical examples and in-depth analysis
  • Use the techniques adversaries use to attack APIs to enhance your defensive strategies
  • Employ shield-right security approaches such as API gateways and firewalls
  • Defend against common API vulnerabilities across several frameworks and languages, such as .NET, Python, and Java

Who this book is for:

 This book is for application security engineers, blue teamers, and security professionals looking forward to building an application security program targeting API security. For red teamers and pentesters, it provides insights into exploiting API vulnerabilities. API developers will benefit from understanding, anticipating, and defending against potential threats and attacks on their APIs. While basic knowledge of software and security is required to understand the attack vectors and defensive techniques explained in the book, a thorough understanding of API security is all you need to get started.


What Is Testing. Boot Camp - Olga Nazina

2022
russian

 A unique training book on software testing that covers the full range of knowledge a tester needs, from the basics to complex concepts. It examines the types and methods of testing, ways of finding bugs in programs, writing test cases and checklists, and describing the defects found and the improvements proposed. The book contains homework assignments; by completing them the reader will learn software testing in practice and assemble the portfolio needed for subsequent employment.


Black Hat Rust - Sylvain Kerkour

2022
english

 Whether in movies or mainstream media, hackers are often romanticized: they are painted as black magic wizards, nasty criminals, or, in the worst cases, as thieves with a hood and a crowbar.

 In reality, the spectrum of the profile of the attackers is extremely large, from the bored teenager exploring the internet to sovereign State's armies as well as the unhappy former employee.
 What are the motivations of the attackers? How can they break seemingly so easily into any network? What do they do to their victims?
 We will put on our black hat and explore the world of offensive security, whether it be cyber attacks, cybercrimes, or cyberwar.
 Scanners, exploits, phishing toolkit, implants... From theory to practice, we will explore the arcane of offensive security and build our own offensive tools with the Rust programming language, Stack Overflow's most loved language for five years in a row.
 Which programming language allows you to craft shellcodes, build servers, create phishing pages? Before Rust, none! Rust is the long-awaited one-size-fits-all programming language meeting all those requirements thanks to its unparalleled guarantees and feature set. Here is why.


Modern Software Testing Techniques - Attila Kovács, István Forgács

2024
english

 Many books have been written about software testing, but most of them discuss the general framework of testing from a traditional perspective. Unfortunately, traditional test design techniques are often ineffective and unreliable for revealing the various kinds of faults that may occur. This book introduces three new software testing techniques: Two-Phase Model-Based Testing, the Action-State Testing, and the General Predicate Testing, all of which work best when applied with efficient fault revealing capabilities.

 You’ll start with a short recap of software testing, focusing on why risk analysis is obligatory, how to classify bugs practically, and how fault-based testing can be used for improving test design. You’ll then see how action-state testing merges the benefits of state transition testing and use case testing into a unified approach. Moving on you’ll look at general predicate testing and how it serves as an extension of boundary value analysis, encompassing more complex predicates.

 Two-phase model-based testing represents an advanced approach where the model does not necessarily need to be machine-readable; human readability suffices. The first phase involves a high-level model from which abstract tests are generated. Upon manual execution of these tests, the test code is generated. Rather than calculating output values, they are merely checked for conformity. The last part of this book contains a chapter on how developers and testers can help each other and work as a collaborative team.

What You'll Learn

  • Apply efficient test design techniques for detecting domain faults
  • Work with modeling techniques that combine all the advantages of state transition testing and use case testing
  • Grasp the two-phase model-based testing technique
  • Use test design efficiently to find almost all the bugs in an application

Who This Book Is For

 Software developers, QA engineers, and business analysts


Software Testing Strategies - Matthew Heusser, Michael Larsen

2023
english

 Software Testing Strategies covers a wide range of topics in the field of software testing, providing practical insights and strategies for professionals at every level. With equal emphasis on theoretical knowledge and practical application, this book is a valuable resource for programmers, testers, and anyone involved in software development.

 The first part delves into the fundamentals of software testing, teaching you about test design, tooling, and automation. The chapters help you get to grips with specialized testing areas, including security, internationalization, accessibility, and performance. The second part focuses on the integration of testing into the broader software delivery process, exploring different delivery models and puzzle pieces contributing to effective testing. You’ll discover how to craft your own test strategies and learn about lean approaches to software testing for optimizing processes. The final part goes beyond technicalities, addressing the broader context of testing. The chapters cover case studies, experience reports, and testing responsibilities, and discuss the philosophy and ethics of software testing.

 By the end of this book, you’ll be equipped to elevate your testing game and ensure software quality, and have an indispensable guide to the ever-evolving landscape of software quality assurance.

What you will learn

  • Explore accessibility, functional testing, performance testing, and more as an integral part of testing
  • Find out how to implement a wide range of testing approaches
  • Develop the skills needed to create effective testing strategies tailored to your project's needs
  • Discover how to prioritize and execute the most impactful test ideas
  • Gain insight into when and how to apply different testing elements
  • Defend your chosen testing strategy with a comprehensive understanding of its components

Who this book is for

 This book is for a broad spectrum of professionals engaged in software development, including programmers, testers, and DevOps specialists. Tailored to those who aspire to elevate their testing practices beyond the basics, the book caters to anyone seeking practical insights and strategies to master the nuanced interplay between human intuition and automation. Whether you are a seasoned developer, meticulous tester, or DevOps professional, this comprehensive guide offers a transformative roadmap to become an adept strategist in the dynamic realm of software quality assurance.


Windows Forensics Analyst Field Guide - Muhiballah Mohammed

2023
english

 In this digitally driven era, safeguarding against relentless cyber threats is non-negotiable. This guide will enable you to enhance your skills as a digital forensic examiner by introducing you to cyber challenges that besiege modern entities. It will help you to understand the indispensable role adept digital forensic experts play in preventing these threats and equip you with proactive tools to defend against ever-evolving cyber onslaughts.

 The book begins by unveiling the intricacies of Windows operating systems and their foundational forensic artifacts, helping you master the art of streamlined investigative processes. From harnessing open-source tools for artifact collection to delving into advanced analysis, you’ll develop the skills needed to excel as a seasoned forensic examiner. As you advance, you’ll be able to effortlessly amass and dissect evidence to pinpoint the crux of issues. You’ll also delve into memory forensics tailored for Windows OS, decipher patterns within user data, and log and untangle intricate artifacts such as emails and browser data.

 By the end of this book, you’ll be able to robustly counter computer intrusions and breaches, untangle digital complexities with unwavering assurance, and stride confidently in the realm of digital forensics.

What you will learn

  • Master the step-by-step investigation of efficient evidence analysis
  • Explore Windows artifacts and leverage them to gain crucial insights
  • Acquire evidence using specialized tools such as FTK Imager to maximize retrieval
  • Gain a clear understanding of Windows memory forensics to extract key insights
  • Experience the benefits of registry keys and registry tools in user profiling by analyzing Windows registry hives
  • Decode artifacts such as emails, applications execution, and Windows browsers for pivotal insights

Who this book is for

 This book is for forensic investigators with basic experience in the field, cybersecurity professionals, SOC analysts, DFIR analysts, and anyone interested in gaining deeper knowledge of Windows forensics. It's also a valuable resource for students and beginners in the field of IT who’re thinking of pursuing a career in digital forensics and incident response.


Ethical Hacking Workshop - Mohammed Abutheraa, Rishalin Pillay

2023
english

 The Ethical Hacking Workshop will teach you how to perform ethical hacking and provide you with hands-on experience using relevant tools.

 By exploring the thought process involved in ethical hacking and the various techniques you can use to obtain results, you'll gain a deep understanding of how to leverage these skills effectively.

 Throughout this book, you'll learn how to conduct a successful ethical hack, how to use the tools correctly, and how to interpret the results to enhance your environment's security. Hands-on exercises at the end of each chapter will ensure that you solidify what you’ve learnt and get experience with the tools.

 By the end of the book, you'll be well-versed in ethical hacking and equipped with the skills and knowledge necessary to safeguard your enterprise against cyber-attacks.

What you will learn

  • Understand the key differences between encryption algorithms, hashing algorithms, and cryptography standards
  • Capture and analyze network traffic
  • Get to grips with the best practices for performing in-cloud recon
  • Get started with performing scanning techniques and network mapping
  • Leverage various top tools to perform privilege escalation, lateral movement, and implant backdoors
  • Find out how to clear tracks and evade detection

Who this book is for

 This book is for cybersecurity professionals who already work as part of a security team, blue team, purple team or as a security analyst and want to become familiar with the same skills and tools that potential attackers may use to breach your system and identify security vulnerabilities. A solid understanding of cloud computing and networking is a prerequisite.


The Cybersecurity Self-Help Guide - Arun Soni

2022
english

 Cybercrime is increasing at an exponential rate. Every day, new hacking techniques and tools are being developed by threat actors to bypass security systems and access private data. Most people do not know how to secure themselves, their devices, and their media shared online.

 Especially now, cybercriminals appear to be ahead of cybersecurity experts across cyberspace. During the coronavirus pandemic, we witnessed the peak of cybercrime, which is likely to be sustained even after the pandemic.

 This book is an up-to-date self-help guide for everyone who connects to the Internet and uses technology. It is designed to spread awareness about cybersecurity by explaining techniques and methods that should be implemented practically by readers.

 Arun Soni is an international award-winning author who has written 159 books on information technology. He is also a Certified Ethical Hacker (CEH v8) from the EC-Council US. His achievements have been covered by major newspapers and portals, such as Business Standard, The Economic Times, Indian Express, The Tribune, Times of India, Yahoo News, and Rediff.com. He is the recipient of multiple international records for this incomparable feat. His vast international exposure in cybersecurity and writing make this book special. This book will be a tremendous help to everybody and will be considered a bible on cybersecurity.


Hacking by Example. Vulnerabilities, Hacking, Defense. 2nd ed. - Aleksey Andreevich Yaroshenko

2023
russian

 From this book you will not learn how to hack banks: nothing illegal will be described here. We do not want our readers or anyone else to run into any problems because of our book.

 It will cover: the basic principles of hacking websites (and so that theory does not diverge from practice, a real example of a hack will be examined); a separate chapter will be devoted to hijacking a mailbox (we will show how a mailbox is broken into, and various methods will be examined).

 You will learn: how anonymous communication on the network works via email and all kinds of messengers; how to visit websites anonymously, how to create an anonymous mailbox, and which messenger lets you register without linking a phone number.

 The most popular hacker tools will be examined: Kali Linux, which contains several hundred (more than 600) tools aimed at various information security tasks, and Metasploit, a tool for finding vulnerabilities and breaking into information systems.

 A separate chapter is devoted to password cracking. We will mainly crack the password of a Windows account and look at how EFS encryption and a BitLocker-encrypted disk can be broken. We will also look at how a WiFi password is cracked.

 Most tasks will require no special knowledge beyond basic computer skills. Those who want to master "more serious" techniques will need to know the basics of programming.


The Computer Through a Hacker's Eyes - Pavel Shalin

2022
russian

 This book is a collection of the best, carefully selected articles from the legendary magazine "Xakep". It covers the Windows 11 and Linux operating systems from the standpoint of organizing efficient work on a PC. Useful applications for these operating systems and utilities for working in the terminal are described. Programs for steganography, the hiding of useful data in graphic images, are discussed. Practical advice is given for Windows 11 users on remote OS installation, disabling telemetry, removing programs and components, fine-tuning the system, and optimizing it to run on incompatible and outdated hardware. Various Linux settings for secure work are described in detail. Examples are presented of building a homemade PC case, installing a supercapacitor in a wireless mouse, and assembling a homemade laptop. An overview of the capabilities of Apple devices based on M1 processors is given, along with advice on using them effectively.

You will learn

  • Useful tools for Windows and Linux
  • Hiding secret data in pictures
  • Essential utilities for working in the terminal
  • Reinstalling Windows via remote access
  • Speeding up Windows 11 on old hardware
  • Tweaks, tricks, and "secret" Windows 11 settings
  • Building an unusual computer case
  • Assembling a laptop from scratch with your own hands
  • Installing a supercapacitor in a wireless mouse to charge it in seconds
  • Apple computers with the M1 processor for the hacker

Hardware Hacking. Hacking Real Things - Jasper van Woudenberg, Colin O'Flynn

2023
russian

 Embedded systems are hard to attack. There are too many different board designs, processors, and operating systems, which makes reverse engineering them difficult. But now everything will get easier: you will be taught by two of the world's leading experts on hardware hacking. Take a crash course in the architecture and security of embedded devices, and learn about electrical signals, firmware image analysis, and much more. The authors combine theory with practical instructions that you can apply to real hardware. The book concludes with a description of attacks on devices such as the Sony PlayStation 3, Xbox 360, and Philips Hue lamps. The appendix lists all the equipment you will need for a home lab, whether you plan to modify a printed circuit board or to collect and analyze power consumption traces.


Android Through a Hacker's Eyes. 2nd ed. - Evgeny Zobnin

2024
russian

The book examines the internal architecture of the Android OS, the partitions and file systems it uses, and how its update mechanisms and built-in security tools work. It covers access control in Android, privileges, methods of obtaining root rights, customization, and installation of non-standard firmware. Tools for disassembling, debugging, and analyzing the code of mobile applications are described, with examples of modifying code to change software functions and to inject third-party modules into an application. Detailed recommendations are given on code deobfuscation and bypassing anti-debugging, along with practical advice on protecting your own applications from decompilation and analysis. Information is provided about malware for the Android platform and the vulnerabilities it uses, with code examples of such programs. The use of standard Android functions for non-standard purposes and ways of countering malware are discussed. The second edition includes information about the changes and new features in Android 14.

For mobile application developers, reverse engineers, and information security and data protection specialists.


Security Audit of Information Systems - Nikita Skabtsov

2018
russian

 This book examines methods of bypassing the security systems of network services and penetrating open information systems. Information security, like much in our world, is a coin with two sides. On the one hand, we conduct audits, look for ways in, and even apply them in practice; on the other, we work on defense. Penetration tests are part of the normal life cycle of any IT infrastructure, making it possible to truly assess potential risks and uncover hidden problems.

 Can hacking be legal? Of course it can! But only in two cases: when you are hacking information systems that belong to you, or when you are hacking the network of an organization with which you have a written agreement to conduct an audit or penetration tests. We hope that you will use the information in this book only for the purposes of lawful hacking of information systems. Please remember that punishment is inevitable: any illegal actions entail administrative or criminal liability.


Cybersecurity All-in-One For Dummies - Ira Winkler, Joseph Steinberg, Kevin Beaver, Ted Coombs

2023
english

 Cybersecurity All-in-One For Dummies covers a lot of ground in the world of keeping computer systems safe from those who want to break in. This book offers a one-stop resource on cybersecurity basics, personal security, business security, cloud security, security testing, and security awareness. Filled with content to help with both personal and business cybersecurity needs, this book shows you how to lock down your computers, devices, and systems―and explains why doing so is more important now than ever. Dig in for info on what kind of risks are out there, how to protect a variety of devices, strategies for testing your security, securing cloud data, and steps for creating an awareness program in an organization.

  • Explore the basics of cybersecurity at home and in business
  • Learn how to secure your devices, data, and cloud-based assets
  • Test your security to find holes and vulnerabilities before hackers do
  • Create a culture of cybersecurity throughout an entire organization

 This For Dummies All-in-One is a stellar reference for business owners and IT support pros who need a guide to making smart security choices. Any tech user with concerns about privacy and protection will also love this comprehensive guide.


Cloud Attack Vectors - Brian Chappell, Christopher Hills, Morey J. Haber

2022
english

 Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Today, there is widespread consensus―it is not a matter of if, but rather when an organization will be breached. Threat actors typically target the path of least resistance. With the accelerating adoption of cloud technologies and remote work, the path of least resistance is shifting in substantive ways. In recent years, attackers have realigned their efforts, focusing on remaining undetected, monetization after exploitation, and publicly shaming organizations after a breach.

 New, innovative, and useful products continue to emerge and offer some cloud protection, but they also have distinct limitations. No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity. The simple fact is that the cloud is based on a company’s assets being offered as services. As a result, the best security any organization can achieve is to establish controls and procedures in conjunction with services that are licensed in the cloud.

 Cloud Attack Vectors details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and shows how to improve detection of malicious activity.

What You’ll Learn

  • Know the key definitions pertaining to cloud technologies, threats, and cybersecurity solutions
  • Understand how entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
  • Implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
  • Develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementation

Who This Book Is For

 New security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud


How to Withstand Hacker Attacks - Mikhail Raitman

2023
russian

 Everyone is concerned about cybersecurity today, from ordinary Internet users to owners of large corporations and civil servants. But few of them really know how the world of hacker attacks and network break-ins works from the inside.

This book is your guide to the field of information security. Thanks to it you will learn:

  • what DDoS attacks are and how to protect yourself from them;
  • how social engineering works and why it is so easy to fall for;
  • what firewalls protect against and why they are needed;
  • why not all antivirus programs are equally useful;
  • how to get rid of software vulnerabilities.

 All of this will be explained to you by former hackers who are now professional fighters against digital vulnerability and experts in information security.

 The final chapters are a guide for parents of young hackers, as well as a Code of Ethical Hacking that will help you start your own journey.


Cyber Security: The complete guide to cyber threats and protection, 2nd Edition - David Sutton

2022
english

While conducting my research for this (and the first edition of this) book, I have noted literally hundreds of cyber security incidents – some relatively trivial, some rather more serious.


 What has never ceased to amaze me is not that they keep happening, but that the same kinds of incident keep happening, and that some people do not appear to learn the lessons of others’ mistakes and occasionally even of their own. In the 21st century, we are almost totally reliant upon information technology, and in particular the interconnectedness that allows us to conduct our lives more efficiently. We now regard access to the connected world as a basic utility along with gas, electricity and water.


 As business, commerce and government continue to place their services online, we have become increasingly dependent upon something that few people truly understand, and to which some for whatever reason are denied access
 


Build Your Own Test Framework - Daniel Irvine

2023
english

 Learn to write better automated tests that will dramatically increase your productivity and have fun while doing so. This book is a build-your-own adventure designed for individual reading and for collaborative workshops.

 You will build an xUnit automated test framework using JavaScript: initially a clone of Jest, but adding a couple of neat features borrowed from RSpec, the genre-defining tool for behavior-driven development (BDD). Along the way, you will explore the philosophy behind automated testing best practices. The automated test runner is one of the most important innovations within software engineering. But for many programmers, automated testing remains a mystery, and knowing how to write good tests is akin to sorcery.

 As the chapters of this book unfold, you will see how the humble test runner is an elegant and simple piece of software. Each chapter picks a single feature to build, like the "it" function or the "beforeEach" block. It picks apart the theory of why the feature needs to exist, and how to use it effectively in your own test suites. Every chapter ends with a set of ideas for extension points should you wish to explore further, alone or in groups. The book culminates in an implementation of test doubles and mocks―one of the most difficult and misunderstood concepts within automated testing.
By the end of the book, you will have gained a solid understanding of automated testing principles that you can immediately apply to your work projects.

What You'll Learn

  • Build an xUnit automated test framework
  • See how an automated test runner works
  • Understand the best practices for automated unit testing
  • Effectively use test doubles and mocks

Who This Book Is For

 Software developers with JavaScript experience who are seeking to master the art of automated testing.


Effective Software Testing - Mauricio Aniche

2022
english

 Go beyond basic testing! Great software testing makes the entire development process more efficient. This book reveals a systemic and effective approach that will help you customize your testing coverage and catch bugs in tricky corner cases.

 In Effective Software Testing you will learn how to:

  • Engineer tests with a much higher chance of finding bugs
  • Read code coverage metrics and use them to improve your test suite
  • Understand when to use unit tests, integration tests, and system tests
  • Use mocks and stubs to simplify your unit testing
  • Think of pre-conditions, post-conditions, invariants, and contracts
  • Implement property-based tests
  • Utilize coding practices like dependency injection and hexagonal architecture that make your software easier to test
  • Write good and maintainable test code


 Effective Software Testing teaches you a systematic approach to software testing that will ensure the quality of your code. It’s full of techniques drawn from proven research in software engineering, and each chapter puts a new technique into practice. Follow the real-world use cases and detailed code samples, and you’ll soon be engineering tests that find bugs in edge cases and parts of code you’d never think of testing! Along the way, you’ll develop an intuition for testing that can save years of learning by trial and error.

 Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

 About the technology

 Effective testing ensures that you’ll deliver quality software. For software engineers, testing is a key part of the development process. Mastering specification-based testing, boundary testing, structural testing, and other core strategies is essential to writing good tests and catching bugs before they hit production.

 About the book

 Effective Software Testing is a hands-on guide to creating bug-free software. Written for developers, it guides you through all the different types of testing, from single units up to entire components. You’ll also learn how to engineer code that facilitates testing and how to write easy-to-maintain test code. Offering a thorough, systematic approach, this book includes annotated source code samples, realistic scenarios, and reasoned explanations.

 What's inside

  • Design rigorous test suites that actually find bugs
  • When to use unit tests, integration tests, and system tests
  • Pre- and post-conditions, invariants, contracts, and property-based tests
  • Design systems that are test-friendly
  • Test code best practices and test smells

 About the reader

 The Java-based examples illustrate concepts you can use for any object-oriented language.


Python for Cybersecurity - Howard E. Poston III

2022
english

 Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today.

 Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:

  • Reconnaissance, resource development, initial access, and execution
  • Persistence, privilege escalation, defense evasion, and credential access
  • Discovery, lateral movement, collection, and command and control
  • Exfiltration and impact

 Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.
