Software Security: Building Security In
Software Security: Building Security In
ISBN: 0321356705
EAN: 2147483647
EAN: 2147483647
Year: 2004
Pages: 154
Pages: 154
Authors: Gary McGraw
- Software Security: Building Security In
- Table of Contents
- Copyright
- Advance Praise for Software Security
- Addison-Wesley Software Security Series
- Foreword
- Preface
- Who This Book Is For
- What This Book Is About
- The Series
- Contacting the Author
- Acknowledgments
- About the Author
- Part I: Software Security Fundamentals
- Chapter 1. Defining a Discipline
- The Security Problem
- Security Problems in Software
- Solving the Problem: The Three Pillars of Software Security
- The Rise of Security Engineering
- Chapter 2. A Risk Management Framework
- Putting Risk Management into Practice
- How to Use This Chapter
- The Five Stages of Activity
- The RMF Is a Multilevel Loop
- Applying the RMF: KillerAppCo s iWare 1.0 Server
- The Importance of Measurement
- The Cigital Workbench
- Risk Management Is a Framework for Software Security
- Part II: Seven Touchpoints for Software Security
- Chapter 3. Introduction to Software Security Touchpoints
- Flyover: Seven Terrific Touchpoints
- Black and White: Two Threads Inextricably Intertwined
- Moving Left
- Touchpoints as Best Practices
- Who Should Do Software Security?
- Software Security Is a Multidisciplinary Effort
- Touchpoints to Success
- Chapter 4. Code Review with a Tool
- Catching Implementation Bugs Early (with a Tool)
- Aim for Good, Not Perfect
- Ancient History
- Approaches to Static Analysis
- Tools from Researchland
- Commercial Tool Vendors
- Touchpoint Process: Code Review
- Use a Tool to Find Security Bugs
- Chapter 5. Architectural Risk Analysis
- Common Themes among Security Risk Analysis Approaches
- Traditional Risk Analysis Terminology
- Knowledge Requirement
- The Necessity of a Forest-Level View
- A Traditional Example of a Risk Calculation
- Limitations of Traditional Approaches
- Modern Risk Analysis
- Touchpoint Process: Architectural Risk Analysis
- Getting Started with Risk Analysis
- Architectural Risk Analysis Is a Necessity
- Chapter 6. Software Penetration Testing
- Penetration Testing Today
- Software Penetration Testinga Better Approach
- Incorporating Findings Back into Development
- Using Penetration Tests to Assess the Application Landscape
- Proper Penetration Testing Is Good
- Chapter 7. Risk-Based Security Testing
- What s So Different about Security?
- Risk Management and Security Testing
- How to Approach Security Testing
- Thinking about (Malicious) Input
- Getting Over Input
- Leapfrogging the Penetration Test
- Chapter 8. Abuse Cases
- Security Is Not a Set of Features
- What You Can t Do
- Creating Useful Abuse Cases
- Touchpoint Process: Abuse Case Development
- An Abuse Case Example
- Abuse Cases Are Useful
- Chapter 9. Software Security Meets Security Operations
- Don t Stand So Close to Me
- Kumbaya (for Software Security)
- Come Together (Right Now)
- Future s So Bright, I Gotta Wear Shades
- Part III: Software Security Grows Up
- Chapter 10. An Enterprise Software Security Program
- The Business Climate
- Building Blocks of Change
- Building an Improvement Program
- Establishing a Metrics Program
- Continuous Improvement
- What about COTS (and Existing Software Applications)?
- Adopting a Secure Development Lifecycle
- Chapter 11. Knowledge for Software Security
- Experience, Expertise, and Security
- Security Knowledge: A Unified View
- Security Knowledge and the Touchpoints
- The Department of Homeland Security Build Security In Portal
- Knowledge Management Is Ongoing
- Software Security Now
- Chapter 12. A Taxonomy of Coding Errors
- On Simplicity: Seven Plus or Minus Two
- The Phyla
- A Complete Example
- Lists, Piles, and Collections
- Go Forth (with the Taxonomy) and Prosper
- Chapter 13. Annotated Bibliography and References
- Annotated Bibliography: An Emerging Literature
- Software Security Puzzle Pieces
- Part IV: Appendices
- Appendix A. Fortify Source Code Analysis Suite Tutorial
- Section 1. Introducing the Audit Workbench
- Section 2. Auditing Source Code Manually
- Section 3. Ensuring a Working Build Environment
- Section 4. Running the Source Code Analysis Engine
- Section 5. Exploring the Basic SCA Engine Command Line Arguments
- Section 6. Understanding Raw Analysis Results
- Section 7. Integrating with an Automated Build Process
- Section 8. Using the Audit Workbench
- Section 9. Auditing Open Source Applications
- Appendix B. ITS4 Rules
- Appendix C. An Exercise in Risk Analysis: Smurfware
- SmurfWare SmurfScanner Risk Assessment Case Study
- SmurfWare SmurfScanner Design for Security
- Appendix D. Glossary
- InsideFrontCover
- InsideBackCover
- Index
- SYMBOL
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Y
- Page #153 (Index)
Software Security: Building Security In
ISBN: 0321356705
EAN: 2147483647
EAN: 2147483647
Year: 2004
Pages: 154
Pages: 154
Authors: Gary McGraw