


Index



Race Condition phylum
Ranking and synthesizing risks, RMF
RATS code scanner
Raw analysis results, tutorial
Readings. [See Bibliography.]
References [See Bibliography.]
Reformed hackers
Regulations, security
Renaissance, computer security
Reports, RMF analysis
Required reading
Resource Injection phylum
Return on investment (ROI)
Risk analysis
    architectural level. [See Architectural risk analysis.]
     definition
     exercise
     versus threat modeling
Risk calculation
     impact
     modern model
     traditional model
Risk management framework (RMF). [See RMF (risk management framework).]
Risk management. [See also RMF (risk management framework).]
     applied risk management pillar
     definition
     risk-based security testing
Risk-based security testing
     adversarial testing
     and penetration testing
     automation
     conditions tested
     constructive/destructive nature
     description
     example
     eXtreme programming
     firewalls
     flyover
     functional testing
     inside-out approach
     Java card, example
     malicious input
     methodology
     multithreading
     outside-in approach
     perimeter defense
     personnel involved
     process overview
     risk management [See also RMF (risk management framework).]
     smart cards, example
     SOAP protocol
     "test-driven" design
     timing
Risks
     analysis report
     architectural risk analysis
     business and technical, identifying
     data review
     definition
     impacts
     indicators
     likelihood scale
    management framework. [See RMF]
     measuring and reporting
    mitigation strategies
         defining
         penetration testing
         risks
         RMF
     questionnaires
     ranking
     severity key
     synthesizing
     synthesizing and ranking
RMF (risk management framework)
    example
         business goal rankings
         business impact scale
         business peer review
         business risk indicators
         business risks
         carrying out fixes and validation
         defining a mitigation strategy
         deliverables
         fixes
         gathering artifacts
         goal-to-risk relationship
         identifying business and technical risks
         likelihood of occurrence
         prioritized business goals
         product risks
         project research
         project risks
         ranking risks
         research and interview data analysis
         risk analysis report
         risk data review
         risk impacts
         risk indicators
         risk likelihood scale
         risk mitigation
         risk questionnaires
         risk severity key
         software artifact analysis
         synthesizing and ranking risks
         target project team
         technical peer review
         technical risks
         understanding business context
         validation
     iterative processing
     measuring and reporting risk
     process diagram
    stages of activity
         carrying out fixes and validation
         defining the risk mitigation strategy
         identifying business and technical risks
         synthesizing and ranking risks
         understanding business context
ROI (return on investment)
Rootkits
Rubin, Avi
Rules
     coverage
     example
    Fortify. [See Fortify Source Code Analysis Suite.]
     ITS4. [See also Taxonomy of coding errors, kingdoms.]
         history of
         list of
     knowledge catalog
     schema
Rules Builder




Software Security: Building Security In
ISBN: 0321356705
EAN: 2147483647
Year: 2004
Pages: 154
Authors: Gary McGraw
