


Index



Safeguards, architectural risk analysis [See also Mitigation strategies.]
Safety property violations
SATAN
SBI386 2nd
SD West
SDL (Secure Development Lifecycle) 2nd
SDLC (Software Development Lifecycle)
Secure Development Lifecycle (SDL) 2nd
Secure Software
SecureUML
Security
     built-in versus bolted on
     defending the perimeter, does not work
     versus software
Security Band-Aid
Security engineering, rise of
Security Features vulnerability kingdom 2nd
Security operations
     constructive/destructive nature
     description
     flyover
    inter-group cooperation. [See Software developers and information security practitioners.]
Security professionals
     abuse case development
    and software developers. [See Software developers and information security practitioners.]
     inter-group communication barriers
     origin of
     risk-based security testing
     team building
Security requirements
     constructive/destructive nature
     description
     flyover
     recommended reading
Security testing. [See Risk-based security testing.]
Security tracker
Setting Manipulation phylum
Seven kingdoms. [See Taxonomy of coding errors, kingdoms.]
Signal Handling Race Conditions phylum
SLA (service level agreement) 2nd
SLAM tool
Smart card, example
Smurfware exercise
SOA (Service Oriented Architecture) 2nd 3rd 4th
SOAP protocol
Sockets phylum
Software
    artifacts. [See Artifacts.]
     process and religion
    testing. [See Penetration testing; Risk-based security testing.]
     vulnerability, cause of problems
Software architect catfights
Software developers and information security practitioners
     abuse cases
     architectural risk analysis
     business risk analysis
     code review 2nd
     deployment and operations
     example
     information security as Boogey man
     inter-group communication barriers
     inter-group cooperation
     penetration testing
     security testing
     "ugly baby" problem
Software security
     academic courses in
     and operations
    best practices. [See Touchpoints.]
     definition 2nd
    enterprise-wide. [See Enterprise software security.]
     multidisciplinary effort
     people
     pillars of 2nd
     potential research areas
     responsibility for
     team building 2nd
     three pillars 2nd
     unique qualities of
     versus application security
     versus software safety
Software Security Manager
Software security people
Software security touchpoints 2nd
Source code
     analysis, tutorial
     analyzers, commercial vendors [See also Fortify Source Code Analysis Suite.]
    lines of
         major operating systems
         normalizing
         relation to vulnerabilities
         Windows
    reviewing. [See Code review, tools.]
     scanners 2nd
Specification checking
Splint tool
SQL injection
SQL Injection phylum
Standards-based architectural risk analysis
Static code analysis
     example
     history
STRIDE 2nd 3rd 4th
     related to attack resistance analysis
String Manipulation phylum
String Termination Error phylum
Struts phylum
Synthesizing and ranking risks, RMF 2nd
System Information Leak phylum
System testing
System.exit() phylum




Software Security: Building Security In
ISBN: 0321356705
EAN: 2147483647
Year: 2004
Pages: 154
Authors: Gary McGraw
