Software Security: Building Security In
ISBN: 0321356705
Year: 2004
Pages: 154
Authors:
Gary McGraw
Table of Contents
Copyright
Advance Praise for Software Security
Addison-Wesley Software Security Series
Foreword
Preface
Who This Book Is For
What This Book Is About
The Series
Contacting the Author
Acknowledgments
About the Author
Part I: Software Security Fundamentals
Chapter 1. Defining a Discipline
The Security Problem
Security Problems in Software
Solving the Problem: The Three Pillars of Software Security
The Rise of Security Engineering
Chapter 2. A Risk Management Framework
Putting Risk Management into Practice
How to Use This Chapter
The Five Stages of Activity
The RMF Is a Multilevel Loop
Applying the RMF: KillerAppCo's iWare 1.0 Server
The Importance of Measurement
The Cigital Workbench
Risk Management Is a Framework for Software Security
Part II: Seven Touchpoints for Software Security
Chapter 3. Introduction to Software Security Touchpoints
Flyover: Seven Terrific Touchpoints
Black and White: Two Threads Inextricably Intertwined
Moving Left
Touchpoints as Best Practices
Who Should Do Software Security?
Software Security Is a Multidisciplinary Effort
Touchpoints to Success
Chapter 4. Code Review with a Tool
Catching Implementation Bugs Early (with a Tool)
Aim for Good, Not Perfect
Ancient History
Approaches to Static Analysis
Tools from Researchland
Commercial Tool Vendors
Touchpoint Process: Code Review
Use a Tool to Find Security Bugs
Chapter 5. Architectural Risk Analysis
Common Themes among Security Risk Analysis Approaches
Traditional Risk Analysis Terminology
Knowledge Requirement
The Necessity of a Forest-Level View
A Traditional Example of a Risk Calculation
Limitations of Traditional Approaches
Modern Risk Analysis
Touchpoint Process: Architectural Risk Analysis
Getting Started with Risk Analysis
Architectural Risk Analysis Is a Necessity
Chapter 6. Software Penetration Testing
Penetration Testing Today
Software Penetration Testing: A Better Approach
Incorporating Findings Back into Development
Using Penetration Tests to Assess the Application Landscape
Proper Penetration Testing Is Good
Chapter 7. Risk-Based Security Testing
What's So Different about Security?
Risk Management and Security Testing
How to Approach Security Testing
Thinking about (Malicious) Input
Getting Over Input
Leapfrogging the Penetration Test
Chapter 8. Abuse Cases
Security Is Not a Set of Features
What You Can't Do
Creating Useful Abuse Cases
Touchpoint Process: Abuse Case Development
An Abuse Case Example
Abuse Cases Are Useful
Chapter 9. Software Security Meets Security Operations
Don't Stand So Close to Me
Kumbaya (for Software Security)
Come Together (Right Now)
Future's So Bright, I Gotta Wear Shades
Part III: Software Security Grows Up
Chapter 10. An Enterprise Software Security Program
The Business Climate
Building Blocks of Change
Building an Improvement Program
Establishing a Metrics Program
Continuous Improvement
What about COTS (and Existing Software Applications)?
Adopting a Secure Development Lifecycle
Chapter 11. Knowledge for Software Security
Experience, Expertise, and Security
Security Knowledge: A Unified View
Security Knowledge and the Touchpoints
The Department of Homeland Security Build Security In Portal
Knowledge Management Is Ongoing
Software Security Now
Chapter 12. A Taxonomy of Coding Errors
On Simplicity: Seven Plus or Minus Two
The Phyla
A Complete Example
Lists, Piles, and Collections
Go Forth (with the Taxonomy) and Prosper
Chapter 13. Annotated Bibliography and References
Annotated Bibliography: An Emerging Literature
Software Security Puzzle Pieces
Part IV: Appendices
Appendix A. Fortify Source Code Analysis Suite Tutorial
Section 1. Introducing the Audit Workbench
Section 2. Auditing Source Code Manually
Section 3. Ensuring a Working Build Environment
Section 4. Running the Source Code Analysis Engine
Section 5. Exploring the Basic SCA Engine Command Line Arguments
Section 6. Understanding Raw Analysis Results
Section 7. Integrating with an Automated Build Process
Section 8. Using the Audit Workbench
Section 9. Auditing Open Source Applications
Appendix B. ITS4 Rules
Appendix C. An Exercise in Risk Analysis: Smurfware
SmurfWare SmurfScanner Risk Assessment Case Study
SmurfWare SmurfScanner Design for Security
Appendix D. Glossary
InsideFrontCover
InsideBackCover
Index
SYMBOL
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y