


Index



Abstract syntax tree
Abuse cases
     anti-requirements
     attack models
     attack patterns
     attacker motivation
     benefits of
     constructive/destructive nature
     creating
     description
     development team
     example 2nd
     flyover
     history of
     identifying and documenting threats
     overview
     process diagram
     software developers and information security practitioners
     touchpoint process
Academic software security
Access control policies, modeling
Adversarial security testing
Aitel, Dave
ALE (Annualized Loss Expectancy)
Ambiguity analysis, in architectural risk analysis
Anderson, Ross
Anti-requirements
API Abuse vulnerability kingdom
     description
     example
     phyla
APISPY32
Application security
     badness-ometers
     limitations of
     testing tools 2nd
     versus software security
Applied risk management pillar
Arc injection attacks
Architectural risk analysis
     .NET security model overview
     access control policies, modeling
     ad hoc
     assets
     bugs 2nd
     checklists
     commercial
     common themes
     constructive/destructive nature
     countermeasures
     description
     flaws 2nd
     flyover
     forest-level view 2nd
     getting started
     impact
     in the RMF
     knowledge requirements
     major activities
     necessity of
     one page design overview 2nd
     practical applications
     probability
     process diagram
         ambiguity analysis
         attack resistance analysis
         weakness analysis
     risk analysis, definition
     risk calculation
         impact
         modern model
         traditional model
     risk management, definition
     risks
     ROI (return on investment)
     safeguards
     software developers and information security practitioners
     standards-based
     STRIDE
     terminology
     threat modeling versus risk analysis
     threats
     touchpoint process
         ad hoc approach
         ambiguity analysis
         attack resistance analysis
         critical steps
         examples of flaws 2nd 3rd
         exploit graphs
         process diagram
         weakness analysis
     vulnerabilities
Arciniegas, Fabio
Arkin, Brad
Array out of bounds 2nd
Articles. [See Bibliography]
Artifacts, software 2nd 3rd
ASP.NET Misconfiguration phylum
ASSET
Assets, definition
Assume nothing
AST. [See Abstract syntax tree]
Attack classes
Attack models
Attack patterns
     knowledge catalog 2nd
     list of
     taxonomy of
Attack resistance analysis, in architectural risk analysis
Attacker motivation
Attackers' tools 2nd
     APISPY32
     breakpoint setters
     control flow
     coverage
     decompilers
     disassemblers
     fault injectors
     rootkits
     shell code
Auditing open source applications, tutorial
Authentication phylum 2nd
Automation
     Cigital Workbench
     risk-based security testing




Software Security: Building Security In
ISBN: 0321356705
EAN: 2147483647
Year: 2004
Pages: 154
Authors: Gary McGraw
