Index

E

Eau Claire tool
Electronic voting security
Empty Catch Block phylum
Empty Password in Configuration File phylum
Encapsulation vulnerability kingdom 2nd
Engineer gone bad
Enterprise information architecture
Enterprise software security
    basic steps
    business climate
    champions, for best practices 2nd
    change maturity path 2nd
    common pitfalls
    continuous improvement
    COTS (commercial off-the-shelf software)
    cultural change 2nd
    enterprise information architecture
    existing applications
    general framework
    improvement program
    lack of high-level commitment
    management without measurement
    metrics program
    over-reliance on late-lifecycle testing
    SDL (Secure Development Lifecycle) 2nd
    training without assessment
Environment vulnerability kingdom 2nd
Erroneous validate() Method phylum
Error detection
Error Handling vulnerability kingdom 2nd
ESP tool
Examples
    abuse cases 2nd
    Adobe Reader
    Diebold voting machines
    flaws found in architectural risk analysis 2nd 3rd
    Java card
    KillerAppCo's iWare. [See RMF (risk management framework), example.]
    malicious PDFs
    password security
    penetration testing 2nd
    risk-based security testing
    smart cards
    Smurfware exercise
    software developers and information security practitioners
Exception Handling phylum
Exploits
    graphs
    knowledge catalog 2nd
Extensibility, trinity of trouble
External analysis, description 2nd
eXtreme programming