Software Security: Building Security In
ISBN: 0321356705
Year: 2004
Pages: 154
Authors:
Gary McGraw
Table of Contents
Copyright
Advance Praise for Software Security
Addison-Wesley Software Security Series
Foreword
Preface
Who This Book Is For
What This Book Is About
The Series
Contacting the Author
Acknowledgments
About the Author
Part I: Software Security Fundamentals
Chapter 1. Defining a Discipline
The Security Problem
Security Problems in Software
Solving the Problem: The Three Pillars of Software Security
The Rise of Security Engineering
Chapter 2. A Risk Management Framework
Putting Risk Management into Practice
How to Use This Chapter
The Five Stages of Activity
The RMF Is a Multilevel Loop
Applying the RMF: KillerAppCo's iWare 1.0 Server
The Importance of Measurement
The Cigital Workbench
Risk Management Is a Framework for Software Security
Part II: Seven Touchpoints for Software Security
Chapter 3. Introduction to Software Security Touchpoints
Flyover: Seven Terrific Touchpoints
Black and White: Two Threads Inextricably Intertwined
Moving Left
Touchpoints as Best Practices
Who Should Do Software Security?
Software Security Is a Multidisciplinary Effort
Touchpoints to Success
Chapter 4. Code Review with a Tool
Catching Implementation Bugs Early (with a Tool)
Aim for Good, Not Perfect
Ancient History
Approaches to Static Analysis
Tools from Researchland
Commercial Tool Vendors
Touchpoint Process: Code Review
Use a Tool to Find Security Bugs
Chapter 5. Architectural Risk Analysis
Common Themes among Security Risk Analysis Approaches
Traditional Risk Analysis Terminology
Knowledge Requirement
The Necessity of a Forest-Level View
A Traditional Example of a Risk Calculation
Limitations of Traditional Approaches
Modern Risk Analysis
Touchpoint Process: Architectural Risk Analysis
Getting Started with Risk Analysis
Architectural Risk Analysis Is a Necessity
Chapter 6. Software Penetration Testing
Penetration Testing Today
Software Penetration Testing: A Better Approach
Incorporating Findings Back into Development
Using Penetration Tests to Assess the Application Landscape
Proper Penetration Testing Is Good
Chapter 7. Risk-Based Security Testing
What's So Different about Security?
Risk Management and Security Testing
How to Approach Security Testing
Thinking about (Malicious) Input
Getting Over Input
Leapfrogging the Penetration Test
Chapter 8. Abuse Cases
Security Is Not a Set of Features
What You Can't Do
Creating Useful Abuse Cases
Touchpoint Process: Abuse Case Development
An Abuse Case Example
Abuse Cases Are Useful
Chapter 9. Software Security Meets Security Operations
Don't Stand So Close to Me
Kumbaya (for Software Security)
Come Together (Right Now)
Future's So Bright, I Gotta Wear Shades
Part III: Software Security Grows Up
Chapter 10. An Enterprise Software Security Program
The Business Climate
Building Blocks of Change
Building an Improvement Program
Establishing a Metrics Program
Continuous Improvement
What about COTS (and Existing Software Applications)?
Adopting a Secure Development Lifecycle
Chapter 11. Knowledge for Software Security
Experience, Expertise, and Security
Security Knowledge: A Unified View
Security Knowledge and the Touchpoints
The Department of Homeland Security Build Security In Portal
Knowledge Management Is Ongoing
Software Security Now
Chapter 12. A Taxonomy of Coding Errors
On Simplicity: Seven Plus or Minus Two
The Phyla
A Complete Example
Lists, Piles, and Collections
Go Forth (with the Taxonomy) and Prosper
Chapter 13. Annotated Bibliography and References
Annotated Bibliography: An Emerging Literature
Software Security Puzzle Pieces
Part IV: Appendices
Appendix A. Fortify Source Code Analysis Suite Tutorial
Section 1. Introducing the Audit Workbench
Section 2. Auditing Source Code Manually
Section 3. Ensuring a Working Build Environment
Section 4. Running the Source Code Analysis Engine
Section 5. Exploring the Basic SCA Engine Command Line Arguments
Section 6. Understanding Raw Analysis Results
Section 7. Integrating with an Automated Build Process
Section 8. Using the Audit Workbench
Section 9. Auditing Open Source Applications
Appendix B. ITS4 Rules
Appendix C. An Exercise in Risk Analysis: Smurfware
SmurfWare SmurfScanner Risk Assessment Case Study
SmurfWare SmurfScanner Design for Security
Appendix D. Glossary
Inside Front Cover
Inside Back Cover
Index