Hacking and Security

Тестирование веб-API - Винтерингем Марк

2024
русский

 Веб-интерфейсы — лицо приложения, и они должны быть совершенными. Внедрение программы автоматизированного тестирования — лучший способ убедиться, что ваши API готовы к работе.
 «Тестирование веб-API» — это уникальное практическое руководство, включающее в себя описание всех этапов: от начального проектирования набора тестов до методов документирования, реализации и предоставления высококачественных API. Вы познакомитесь с обширным набором методов тестирования — от исследовательского до тестирования продакшен-кода, а также узнаете, как сэкономить время за счет автоматизации с использованием стандартных инструментов. Книга поможет избежать многих трудностей при тестировании API.

Go to >

ISTQB® Certified Tester Foundation Level - Adam Roman, Lucjan Stapp, Michaël Pilaeten

2024
english

 This book is aimed at everyone preparing for the ISTQB® Certified Tester – Foundation Level exam based on the Foundation Level syllabus (version 4.0) published in 2023. It provides candidates with reliable knowledge based on this document and thus distinguishes itself from all the information about ISTQB® syllabi and exams on the Internet, which is often of rather poor quality and may even contain serious errors.

 The book expands and details many issues that are described in the new 2023 version of the syllabus in a perfunctory or general way only. According to the ISTQB® guidelines for syllabus-based training, an exercise must be provided for each learning objective at the K3 level, and a practical example must be provided for each objective at the K2 or K3 level. In order to satisfy these requirements, the authors prepared numerous exercises and examples for all learning objectives at these levels. In addition, for each learning objective, one or more sample exam questions are presented which are similar to those that the candidate will see in the exam. This makes the book an excellent aid for studying and preparing for the exam and verifying acquired knowledge.

Go to >

Bug Bounty Decoded: Unraveling the Mysteries of Ethical Hacking Rewards - Vincent Curtis

2023
english

Welcome to "Bug Bounty Decoded: Unraveling the Mysteries of Ethical Hacking Rewards." In the pages that follow, we embark on a journey into the heart of cybersecurity's cutting edge, where hackers transform into heroes, and the vulnerabilities they uncover are a catalyst for digital progress. This book is your roadmap to understanding the world of bug bounties – a landscape that transcends mere technology, encompassing psychology, ethics, collaboration, and the relentless pursuit of knowledge. From the early days of security testing to the intricate art of ethical hacking, each chapter will guide you through the multifaceted dimensions of this thrilling field. We will explore the mindset of the bug hunter – the amalgamation of persistence, creativity, and a passion for problem-solving that drives them forward. Equipped with this mindset, we will delve into the process of discovering vulnerabilities, from the initial reconnaissance to the delicate dance of responsible disclosure. We will venture into the world of bug bounty platforms, where the right combination of strategy and tenacity can lead to substantial rewards. Yet, as with any endeavor, challenges abound. We will confront the frustrations of false positives, navigate the legal and ethical nuances, and uncover the power of collaboration within a vibrant community of like-minded individuals. The stories within these pages will introduce you to the pioneers who have shaped the landscape of ethical hacking, recounting their victories, challenges, and the lessons they've learned along the way. We will examine the delicate balance between revealing vulnerabilities and maintaining the integrity of systems, exploring the ethical considerations that guide this critical pursuit. As we peer into the future, we will speculate on the ever-evolving role of ethical hackers in a world perpetually teetering on the edge of innovation. Through the trials, triumphs, and transformative potential of bug bounty programs, you will gain a comprehensive understanding of the ethical hacking landscape and the extraordinary individuals who populate it. So, buckle up and prepare to embark on a journey that melds technology with humanity, curiosity with security, and innovation with responsibility. "Bug Bounty Decoded: Unraveling the Mysteries of Ethical Hacking Rewards" is your passport to a realm where knowledge is power, and every vulnerability uncovered is a step toward a safer digital world. Let's decode the mysteries together.

Go to >

Defending APIs - Colin Domoney

2024
english

 Along with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with innovative approaches and techniques designed to combat API-specific safety challenges.

 The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios.

 Guided by clear step-by-step instructions, you'll explore offensive techniques for testing vulnerabilities, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you're learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up.

 By the end of this book, you'll have the expertise to develop secure APIs and test them against various cyber threats targeting APIs.

What You Will Learn:

  • Explore the core elements of APIs and their collaborative role in API development
  • Understand the OWASP API Security Top 10, dissecting the root causes of API vulnerabilities
  • Obtain insights into high-profile API security breaches with practical examples and in-depth analysis
  • Use API attacking techniques adversaries use to attack APIs to enhance your defensive strategies
  • Employ shield-right security approaches such as API gateways and firewalls
  • Defend against common API vulnerabilities across several frameworks and languages, such as .NET, Python, and Java

Who this book is for:

 This book is for application security engineers, blue teamers, and security professionals looking forward to building an application security program targeting API security. For red teamers and pentesters, it provides insights into exploiting API vulnerabilities. API developers will benefit understanding, anticipating, and defending against potential threats and attacks on their APIs. While basic knowledge of software and security is required to understand the attack vectors and defensive techniques explained in the book, a thorough understanding of API security is all you need to get started.

Go to >

Что такое тестирование. Курс молодого бойца - Ольга Назина

2022
русский

 Уникальная книга-тренинг по тестированию программ, охватывающая весь необходимый тестировщику спектр знаний с азов до сложных концепций. Рассматриваются виды и методики тестирования, способы поиска ошибок в программах, оформления тест-кейсов и чек-листов, описания выявленных недостатков и предлагаемых улучшений. Книга содержит домашние задания, выполнив которые читатель освоит тестирование ПО на практике и соберет портфолио, необходимое для последующего трудоустройства.

Go to >

Black Hat Rust - Sylvain Kerkour

2022
english

 Whether in movies or mainstream media, hackers are often romanticized: they are painted as black magic wizards, nasty criminals, or, in the worst cases, as thieves with a hood and a crowbar.

 In reality, the spectrum of the profile of the attackers is extremely large, from the bored teenager exploring the internet to sovereign State's armies as well as the unhappy former employee.
 What are the motivations of the attackers? How can they break seemingly so easily into any network? What do they do to their victims?
 We will put on our black hat and explore the world of offensive security, whether it be cyber attacks, cybercrimes, or cyberwar.
 Scanners, exploits, phishing toolkit, implants... From theory to practice, we will explore the arcane of offensive security and build our own offensive tools with the Rust programming language, Stack Overflow's most loved language for five years in a row.
 Which programming language allows to craft shellcodes, build servers, create phishing pages? Before Rust, none! Rust is the long-awaited one-size-fits-all programming language meeting all those requirements thanks to its unparalleled guarantees and feature set. Here is why.

Go to >

Modern Software Testing Techniques - Attila Kovács, István Forgács

2024
english

 Many books have been written about software testing, but most of them discuss the general framework of testing from a traditional perspective. Unfortunately, traditional test design techniques are often ineffective and unreliable for revealing the various kinds of faults that may occur. This book introduces three new software testing techniques: Two-Phase Model-Based Testing, the Action-State Testing, and the General Predicate Testing, all of which work best when applied with efficient fault revealing capabilities.

 You’ll start with a short recap of software testing, focusing on why risk analysis is obligatory, how to classify bugs practically, and how fault-based testing can be used for improving test design. You’ll then see how action-state testing merges the benefits of state transition testing and use case testing into a unified approach. Moving on you’ll look at general predicate testing and how it serves as an extension of boundary value analysis, encompassing more complex predicates.

 Two-phase model-based testing represents an advanced approach where the model does not necessarily need to be machine-readable; human readability suffices. The first phase involves a high-level model from which abstract tests are generated. Upon manual execution of these tests, the test code is generated. Rather than calculating output values, they are merely checked for conformity. The last part of this book contains a chapter on how developers and testers can help each other and work as a collaborative team.

What You'll Learn

  • Apply efficient test design techniques for detecting domain faults
  • Work with modeling techniques that combine all the advantages of state transition testing and uses case testing
  • Grasp the two-phase model-based testing technique
  • Use test design efficiently to find almost all the bugs in an application

Who This Book Is For

 Software developers, QA engineers, and, business analysts

Go to >

Software Testing Strategies - Matthew Heusser, Michael Larsen

2023
english

 Software Testing Strategies covers a wide range of topics in the field of software testing, providing practical insights and strategies for professionals at every level. With equal emphasis on theoretical knowledge and practical application, this book is a valuable resource for programmers, testers, and anyone involved in software development.

 The first part delves into the fundamentals of software testing, teaching you about test design, tooling, and automation. The chapters help you get to grips with specialized testing areas, including security, internationalization, accessibility, and performance. The second part focuses on the integration of testing into the broader software delivery process, exploring different delivery models and puzzle pieces contributing to effective testing. You’ll discover how to craft your own test strategies and learn about lean approaches to software testing for optimizing processes. The final part goes beyond technicalities, addressing the broader context of testing. The chapters cover case studies, experience reports, and testing responsibilities, and discuss the philosophy and ethics of software testing.

 By the end of this book, you’ll be equipped to elevate your testing game and ensure software quality, and have an indispensable guide to the ever-evolving landscape of software quality assurance.

What you will learn

  • Explore accessibility, functional testing, performance testing, and more as an integral part of testing
  • Find out how to implement a wide range of testing approaches
  • Develop the skills needed to create effective testing strategies tailored to your project's needs
  • Discover how to prioritize and execute the most impactful test ideas
  • Gain insight into when and how to apply different testing elements
  • Defend your chosen testing strategy with a comprehensive understanding of its components

Who this book is for

 This book is for a broad spectrum of professionals engaged in software development, including programmers, testers, and DevOps specialists. Tailored to those who aspire to elevate their testing practices beyond the basics, the book caters to anyone seeking practical insights and strategies to master the nuanced interplay between human intuition and automation. Whether you are a seasoned developer, meticulous tester, or DevOps professional, this comprehensive guide offers a transformative roadmap to become an adept strategist in the dynamic realm of software quality assurance.

Go to >

Windows Forensics Analyst Field Guide - Muhiballah Mohammed

2023
english

 In this digitally driven era, safeguarding against relentless cyber threats is non-negotiable. This guide will enable you to enhance your skills as a digital forensic examiner by introducing you to cyber challenges that besiege modern entities. It will help you to understand the indispensable role adept digital forensic experts play in preventing these threats and equip you with proactive tools to defend against ever-evolving cyber onslaughts.

 The book begins by unveiling the intricacies of Windows operating systems and their foundational forensic artifacts, helping you master the art of streamlined investigative processes. From harnessing opensource tools for artifact collection to delving into advanced analysis, you’ll develop the skills needed to excel as a seasoned forensic examiner. As you advance, you’ll be able to effortlessly amass and dissect evidence to pinpoint the crux of issues. You’ll also delve into memory forensics tailored for Windows OS, decipher patterns within user data, and log and untangle intricate artifacts such as emails and browser data.

 By the end of this book, you’ll be able to robustly counter computer intrusions and breaches, untangle digital complexities with unwavering assurance, and stride confidently in the realm of digital forensics.

What you will learn

  • Master the step-by-step investigation of efficient evidence analysis
  • Explore Windows artifacts and leverage them to gain crucial insights
  • Acquire evidence using specialized tools such as FTK Imager to maximize retrieval
  • Gain a clear understanding of Windows memory forensics to extract key insights
  • Experience the benefits of registry keys and registry tools in user profiling by analyzing Windows registry hives
  • Decode artifacts such as emails, applications execution, and Windows browsers for pivotal insights

Who this book is for

 This book is for forensic investigators with basic experience in the field, cybersecurity professionals, SOC analysts, DFIR analysts, and anyone interested in gaining deeper knowledge of Windows forensics. It's also a valuable resource for students and beginners in the field of IT who’re thinking of pursuing a career in digital forensics and incident response.

Go to >

Ethical Hacking Workshop - Mohammed Abutheraa, Rishalin Pillay

2023
english

 The Ethical Hacking Workshop will teach you how to perform ethical hacking and provide you with hands-on experience using relevant tools.

 By exploring the thought process involved in ethical hacking and the various techniques you can use to obtain results, you'll gain a deep understanding of how to leverage these skills effectively.

 Throughout this book, you'll learn how to conduct a successful ethical hack, how to use the tools correctly, and how to interpret the results to enhance your environment's security. Hands-on exercises at the end of each chapter will ensure that you solidify what you’ve learnt and get experience with the tools.

 By the end of the book, you'll be well-versed in ethical hacking and equipped with the skills and knowledge necessary to safeguard your enterprise against cyber-attacks.

What you will learn

  • Understand the key differences between encryption algorithms, hashing algorithms, and cryptography standards
  • Capture and analyze network traffic
  • Get to grips with the best practices for performing in-cloud recon
  • Get start with performing scanning techniques and network mapping
  • Leverage various top tools to perform privilege escalation, lateral movement, and implant backdoors
  • Find out how to clear tracks and evade detection

Who this book is for

 This book is for cybersecurity professionals who already work as part of a security team, blue team, purple team or as a security analyst and want to become familiar with the same skills and tools that potential attackers may use to breach your system and identify security vulnerabilities. A solid understanding of cloud computing and networking is a prerequisite.

Go to >

The Cybersecurity Self-Help Guide - Arun Soni

2022
english

 Cybercrime is increasing at an exponential rate. Every day, new hacking techniques and tools are being developed by threat actors to bypass security systems and access private data. Most people do not know how to secure themselves, their devices, and their media shared online.

 Especially now, cybercriminals appear to be ahead of cybersecurity experts across cyberspace. During the coronavirus pandemic, we witnessed the peak of cybercrime, which is likely to be sustained even after the pandemic.

 This book is an up-to-date self-help guide for everyone who connects to the Internet and uses technology. It is designed to spread awareness about cybersecurity by explaining techniques and methods that should be implemented practically by readers.

 Arun Soni is an international award-winning author who has written 159 books on information technology. He is also a Certified Ethical Hacker (CEH v8) from the EC-Council US. His achievements have been covered by major newspapers and portals, such as Business Standard, The Economic Times, Indian Express, The Tribune, Times of India, Yahoo News, and Rediff.com. He is the recipient of multiple international records for this incomparable feat. His vast international exposure in cybersecurity and writing make this book special. This book will be a tremendous help to everybody and will be considered a bible on cybersecurity.

Go to >

Хакинг на примерах. Уязвимости, взлом, защита. 2-е изд - Ярошенко А.А.

2023
русский

 Из этой книги вы не узнаете, как взламывать банки - ничего противозаконного описано здесь не будет. Мы не хотим, чтобы у наших читателей или кого-либо еще возникли какие-то проблемы из-за нашей книги.


 Будет рассказано: об основных принципах взлома сайтов (а чтобы теория не расходилась с практикой, будет рассмотрен реальный пример взлома); отдельная глава будет посвящена угону почтового ящика (мы покажем, как взламывается почтовый ящик - будут рассмотрены различные способы).


 Ты узнаешь: как устроено анонимное общение в сети посредством электронной почты и всякого рода мессенджеров; как анонимно посещать сайты, как создать анонимный почтовый ящик и какой мессенджер позволяет зарегистрироваться без привязки к номеру телефона.


 Будут рассмотрены самые популярные инструменты хакеров - Kali Linux, которая содержит несколько сотен (более 600) инструментов, ориентированных на различные задачи информационной безопасности; и инструмент для поиска уязвимостей и взлома информационных систем - Metasploit.


 Отдельная глава посвящена взлому паролей. В основном мы будем взламывать пароль учетной записи Windows и рассмотрим, как можно взломать шифрование EFS и зашифрованный диск BitLocker. Также рассмотрим, как взламывается пароль WiFi.


 Для большинства задач не потребуется никаких специальных знаний, кроме базовых навыков работы с компьютером. А для тех, кто хочет освоить приемы «посерьезнее», потребуется знание основ программирования.

Go to >

Компьютер глазами хакера - Павел Шалин

2022
русский

 Эта книга — сборник лучших, тщательно отобранных статей из легендарного журнала «Хакер». Рассмотрены операционные системы Windows 11 и Linux с точки зрения организации эффективной работы на ПК. Описаны полезные приложения для этих ОС, утилиты для работы в терминале. Рассказано о программах для стеганографии — скрытия полезных данных в графических изображениях. Даны практические советы для пользователей Windows 11 по удаленной установке ОС, отключению телеметрии, удалению программ и компонент, тонкой настройке системы, ее оптимизации для работы на несовместимом и устаревшем оборудовании. Подробно описаны различные настройки Linux для безопасной работы. Представлены примеры постройки самодельного корпуса для ПК, установки суперконденсатора в беспроводную мышь, сборки самодельного ноутбука. Приведен обзор возможностей устройств Apple на базе процессоров М1 и даны советы по их эффективному использованию.

Вы узнаете

  • Полезные инструменты для Windows и Linux
  • Сокрытие секретных данных в картинках
  • Необходимые утилиты для работы в терминале
  • Переустановка Windows через удаленный доступ
  • Ускорение работы Windows 11 на старом железе
  • Твики, трюки и «секретные» настройки Windows 11
  • Постройка необычного корпуса для компьютера
  • Сборка ноутбука своими руками с нуля
  • Установка суперконденсатора в беспроводную мышь, чтобы заряжать ее за секунды
  • Компьютеры Apple c процессором M1 для хакера
Go to >

Аппаратный хакинг. Взлом реальных вещей - Джаспер ван Вуденберг, Колин О'Флинн

2023
русский

 Встроенные системы трудно атаковать. Различных конструкций плат, процессоров и операционных систем слишком много, и это затрудняет их реверс-инжиниринг. Но теперь все станет проще – вас обучат два ведущих мировых эксперта по взлому аппаратного обеспечения. Пройдите ускоренный курс по архитектуре и безопасности встроенных устройств, узнайте об электрических сигналах, анализе образов прошивок и многом другом. Авторы объединяют теорию с практическими инструкциями, которые вы можете применить на реальном железе. Книга завершается описанием атак на такие устройства, как Sony PlayStation 3, Xbox 360 и лампы Philips Hue. В приложении приведен список всего оборудования, которое понадобится вам для домашней лаборатории, независимо от того, планируете ли вы модифицировать печатную плату или собирать и анализировать графики потребляемой мощности.

Go to >

Android глазами хакера. 2 изд - Евгений Зобнин

2024
русский

Рассмотрена внутренняя архитектура ОС Android, используемые ею разделы и файловые системы, принцип работы механизмов обновления и внутренних инструментов безопасности. Рассказано о разграничении доступа в ОС Android, о привилегиях, методах получения прав root, кастомизации и установке нестандартных прошивок. Описаны инструменты для дизассемблирования, отладки и анализа кода мобильных приложений, приведены примеры модификации кода с целью изменения функций ПО и внедрения в приложение сторонних модулей. Даны подробные рекомендации по деобфускации кода и обходу антиотладки, а также практические советы по защите собственных приложений от декомпиляции и исследования. Приводятся сведения о вредоносных программах для платформы Android, используемых ими уязвимостях, даны примеры кода таких программ. Рассказывается об использовании стандартных функций Android в нестандартных целях и способах противодействия вредоносному ПО. Во втором издании приводятся сведения об изменениях и нововведениях в Android 14.

Для разработчиков мобильных приложений, реверс-инженеров, специалистов по информационной безопасности и защите данных.

Go to >

Аудит безопасности информационных систем - Никита Скабцов

2018
русский

 В этой книге рассматриваются методы обхода систем безопасности сетевых сервисов и проникновения в открытые информационные системы. Информационная безопасность, как и многое в нашем мире, представляет собой медаль с двумя сторонами. С одной стороны, мы проводим аудит, ищем способы проникновения и даже применяем их на практике, а с другой – работаем над защитой. Тесты на проникновение являются частью нормального жизненного цикла любой ИТ-инфраструктуры, позволяя по-настоящему оценить возможные риски и выявить скрытые проблемы.

 Может ли взлом быть законным? Конечно, может! Но только в двух случаях – когда вы взламываете принадлежащие вам ИС или когда вы взламываете сеть организации, с которой у вас заключено письменное соглашение о проведении аудита или тестов на проникновение. Мы надеемся, что вы будете использовать информацию из данной книги только в целях законного взлома ИС. Пожалуйста, помните о неотвратимости наказания – любые незаконные действия влекут за собой административную или уголовную ответственность.

Go to >

Cybersecurity All-in-One For Dummies - Ira Winkler, Joseph Steinberg, Kevin Beaver, Ted Coombs

2023
english

 Cybersecurity All-in-One For Dummies covers a lot of ground in the world of keeping computer systems safe from those who want to break in. This book offers a one-stop resource on cybersecurity basics, personal security, business security, cloud security, security testing, and security awareness. Filled with content to help with both personal and business cybersecurity needs, this book shows you how to lock down your computers, devices, and systems―and explains why doing so is more important now than ever. Dig in for info on what kind of risks are out there, how to protect a variety of devices, strategies for testing your security, securing cloud data, and steps for creating an awareness program in an organization.

  • Explore the basics of cybersecurity at home and in business
  • Learn how to secure your devices, data, and cloud-based assets
  • Test your security to find holes and vulnerabilities before hackers do
  • Create a culture of cybersecurity throughout an entire organization

 This For Dummies All-in-One is a stellar reference for business owners and IT support pros who need a guide to making smart security choices. Any tech user with concerns about privacy and protection will also love this comprehensive guide.

Go to >

Cloud Attack Vectors - Brian Chappell, Christopher Hills, Morey J. Haber

2022
english

 Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Today, there is widespread consensus―it is not a matter of if, but rather when an organization will be breached. Threat actors typically target the path of least resistance. With the accelerating adoption of cloud technologies and remote work, the path of least resistance is shifting in substantive ways. In recent years, attackers have realigned their efforts, focusing on remaining undetected, monetization after exploitation, and publicly shaming organizations after a breach.

 New, innovative, and useful products continue to emerge and offer some cloud protection, but they also have distinct limitations. No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity. The simple fact is that the cloud is based on a company’s assets being offered as services. As a result, the best security any organization can achieve is to establish controls and procedures in conjunction with services that are licensed in the cloud.

 Cloud Attack Vectors details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and shows how to improve detection of malicious activity.

What You’ll Learn

  • Know the key definitions pertaining to cloud technologies, threats, and cybersecurity solutions
  • Understand how entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
  • Implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
  • Develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementation

Who This Book Is For

 New security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud

Go to >

Как противостоять хакерским атакам - Райтман М.А

2023
русский

 Кибербезопасностью сегодня озабочены все, от рядовых пользователей Сети до владельцев крупных корпораций и государственных служащих. Но мало кто из них на самом деле знает, как функционирует мир хакерских атак и сетевых взломов изнутри.

Эта книга – ваш проводник в сферу информационной безопасности. Благодаря ей вы узнаете:

  • что такое DDoS-атаки и как защититься от них;
  • как работает социальная инженерия и почему на нее так легко повестись;
  • от чего защищают брандмауэры и зачем они нужны;
  • почему не все антивирусные программы одинаково полезны;
  • как избавиться от уязвимостей программного обеспечения.

 Обо всем этом вам расскажут бывшие хакеры – нынешние профессиональные борцы с цифровой уязвимостью и эксперты по информационной безопасности.

 Заключительные главы представляют из себя руководство для родителей юных хакеров, а также Кодекс этического хакерства, который поможет вам начать собственный путь.

Go to >

Cyber Security: The complete guide to cyber threats and protection, 2nd Edition - David Sutton

2022
english

While conducting my research for this (and the first edition of this) book, I have noted literally hundreds of cyber security incidents – some relatively trivial, some rather more serious.


 What has never ceased to amaze me is not that they keep happening, but that the same kinds of incident keep happening, and that some people do not appear to learn the lessons of others’ mistakes and occasionally even of their own. In the 21st century, we are almost totally reliant upon information technology, and in particular the interconnectedness that allows us to conduct our lives more efficiently. We now regard access to the connected world as a basic utility along with gas, electricity and water.


 As business, commerce and government continue to place their services online, we have become increasingly dependent upon something that few people truly understand, and to which some for whatever reason are denied access
 

Go to >

Build Your Own Test Framework - Daniel Irvine

2023
english

 Learn to write better automated tests that will dramatically increase your productivity and have fun while doing so. This book is a build-your-own adventure designed for individual reading and for collaborative workshops.

 You will build an xUnit automated test framework using JavaScript: initially a clone of Jest, but adding a couple of neat features borrowed from RSpec, the genre-defining tool for behavior-driven development (BDD). Along the way, you will explore the philosophy behind automated testing best practices. The automated test runner is one of the most important innovations within software engineering. But for many programmers, automated testing remains a mystery, and knowing how to write good tests is akin to sorcery.

 As the chapters of this book unfold, you will see how the humble test runner is an elegant and simple piece of software. Each chapter picks a single feature to build, like the "it" function or the "beforeEach" block. It picks apart the theory of why the feature needs to exist, and how to use it effectively in your own test suites. Every chapter ends with a set of ideas for extension points should you wish to explore further, alone or in groups. The book culminates in an implementation of test doubles and mocks―one of the most difficult and misunderstood concepts within automated testing.
By the end of the book, you will have gained a solid understanding of automated testing principles that you can immediately apply to your work projects.

What You'll Learn

  • Build an xUnit automated test framework
  • See how an automated test runner works
  • Understand the best practices for automated unit testing
  • Effectively use test doubles and mocks

Who This Book Is For

 Software developers with JavaScript experience who are seeking to master the art of automated testing.

Go to >

Effective Software Testing - Mauricio Aniche

2022
english

 Go beyond basic testing! Great software testing makes the entire development process more efficient. This book reveals a systemic and effective approach that will help you customize your testing coverage and catch bugs in tricky corner cases.

 In Effective Software Testing you will learn how to:

  •     Engineer tests with a much higher chance of finding bugs
  •     Read code coverage metrics and use them to improve your test suite
  •     Understand when to use unit tests, integration tests, and system tests
  •     Use mocks and stubs to simplify your unit testing
  •     Think of pre-conditions, post-conditions, invariants, and contracts
  •     Implement property-based tests
  •     Utilize coding practices like dependency injection and hexagonal architecture that make your software easier to test
  •     Write good and maintainable test code


 Effective Software Testing teaches you a systematic approach to software testing that will ensure the quality of your code. It’s full of techniques drawn from proven research in software engineering, and each chapter puts a new technique into practice. Follow the real-world use cases and detailed code samples, and you’ll soon be engineering tests that find bugs in edge cases and parts of code you’d never think of testing! Along the way, you’ll develop an intuition for testing that can save years of learning by trial and error.

 Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

 About the technology

 Effective testing ensures that you’ll deliver quality software. For software engineers, testing is a key part of the development process. Mastering specification-based testing, boundary testing, structural testing, and other core strategies is essential to writing good tests and catching bugs before they hit production.

 About the book

 Effective Software Testing is a hands-on guide to creating bug-free software. Written for developers, it guides you through all the different types of testing, from single units up to entire components. You’ll also learn how to engineer code that facilitates testing and how to write easy-to-maintain test code. Offering a thorough, systematic approach, this book includes annotated source code samples, realistic scenarios, and reasoned explanations.

 What's inside

  •     Design rigorous test suites that actually find bugs
  •     When to use unit tests, integration tests, and system tests
  •     Pre-and post-conditions, invariants, contracts, and property-based tests
  •     Design systems that are test-friendly
  •     Test code best practices and test smells

 About the reader

 The Java-based examples illustrate concepts you can use for any object-oriented language.

Go to >

Python for Cybersecurity - Howard E. Poston III

2022
english

 Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today.

 Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:

  • Reconnaissance, resource development, initial access, and execution
  • Persistence, privilege escalation, defense evasion, and credential access
  • Discovery, lateral movement, collection, and command and control
  • Exfiltration and impact

 Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.

Go to >

Selenium and Appium with Python - Yogashiva Mathivanan

2023
english

 Appium and Selenium are popular open-source frameworks widely used for test automation in the software industry. Python, on the other hand, is a versatile and powerful programming language known for its simplicity and readability. Combining Appium and Selenium with Python offers numerous advantages for test automation, including a simplified testing process, faster test execution, and increased efficiency in test script development.

 Written by a Test Automation Architect, this book aims to enhance your knowledge of Selenium and Appium automation tools. The book will help you learn how to leverage Python for test automation development, gaining skills to automate various types of elements, actions, gestures, and more in web and mobile applications, including Android and IOS. Furthermore, the book will help you create a robust and maintainable test automation framework from scratch. Lastly, the book will teach you how to utilize Selenium Grid with Docker to run and distribute tests across multiple machines, enabling you to maximize efficiency and productivity in test automation.

 By the end of the book, you will be able to build effective and scalable automated testing solutions using Python.

What you will learn

  • Learn how to automate web testing with Selenium and Python.
  • Learn how to automate Mobile testing with appium and Python.
  • Learn how to handle exceptions and synchronization for web and mobile apps.
  • Learn how to automate Hybrid apps using Selenium and Appium.
  • Learn how to integrate Selenium Grid with Docker.

Who this book is for

 This book is for Software Quality Assurance, including Test Automation Engineers, Product Owners, and Developers who are looking to enhance their test automation skills.

Go to >
< 1 2 3 >