Index

InsideBackCover

Three Pillars of Software Security

1. Applied risk management

2. Software security touchpoints

3. Knowledge

Seven Touchpoints

1. Code review

2. Architectural risk analysis

3. Penetration testing

4. Risk-based security tests

5. Abuse cases

6. Security requirements

7. Security operations

Seven Pernicious Kingdoms

1. Input validation and representation

2. API abuse

3. Security features

4. Time and state

5. Error handling

6. Code quality

7. Encapsulation

• Environment