Table of Contents


Software Security: Building Security In
By Gary McGraw
Publisher: Addison Wesley Professional
Pub Date: January 23, 2006
Print ISBN-10: 0-321-35670-5
Print ISBN-13: 978-0-321-35670-3
Pages: 448
 




   Copyright
   Advance Praise for Software Security
   Addison-Wesley Software Security Series
   Foreword
   Preface
      Who This Book Is For
      What This Book Is About
      The Series
      Contacting the Author
   Acknowledgments
   About the Author
    Part I:  Software Security Fundamentals
      Chapter 1.  Defining a Discipline
      The Security Problem
      Security Problems in Software
      Solving the Problem: The Three Pillars of Software Security
      The Rise of Security Engineering
      Chapter 2.  A Risk Management Framework
      Putting Risk Management into Practice
      How to Use This Chapter
      The Five Stages of Activity
      The RMF Is a Multilevel Loop
      Applying the RMF: KillerAppCo's iWare 1.0 Server
      The Importance of Measurement
      The Cigital Workbench
      Risk Management Is a Framework for Software Security
    Part II:  Seven Touchpoints for Software Security
      Chapter 3.  Introduction to Software Security Touchpoints
      Flyover: Seven Terrific Touchpoints
      Black and White: Two Threads Inextricably Intertwined
      Moving Left
      Touchpoints as Best Practices
      Who Should Do Software Security?
      Software Security Is a Multidisciplinary Effort
      Touchpoints to Success
      Chapter 4.  Code Review with a Tool
      Catching Implementation Bugs Early (with a Tool)
      Aim for Good, Not Perfect
      Ancient History
      Approaches to Static Analysis
      Tools from Researchland
      Commercial Tool Vendors
      Touchpoint Process: Code Review
      Use a Tool to Find Security Bugs
      Chapter 5.  Architectural Risk Analysis
      Common Themes among Security Risk Analysis Approaches
      Traditional Risk Analysis Terminology
      Knowledge Requirement
      The Necessity of a Forest-Level View
      A Traditional Example of a Risk Calculation
      Limitations of Traditional Approaches
      Modern Risk Analysis
      Touchpoint Process: Architectural Risk Analysis
      Getting Started with Risk Analysis
      Architectural Risk Analysis Is a Necessity
      Chapter 6.  Software Penetration Testing
      Penetration Testing Today
      Software Penetration Testing: A Better Approach
      Incorporating Findings Back into Development
      Using Penetration Tests to Assess the Application Landscape
      Proper Penetration Testing Is Good
      Chapter 7.  Risk-Based Security Testing
      What's So Different about Security?
      Risk Management and Security Testing
      How to Approach Security Testing
      Thinking about (Malicious) Input
      Getting Over Input
      Leapfrogging the Penetration Test
      Chapter 8.  Abuse Cases
      Security Is Not a Set of Features
      What You Can't Do
      Creating Useful Abuse Cases
      Touchpoint Process: Abuse Case Development
      An Abuse Case Example
      Abuse Cases Are Useful
      Chapter 9.  Software Security Meets Security Operations
      Don't Stand So Close to Me
      Kumbaya (for Software Security)
      Come Together (Right Now)
      Future's So Bright, I Gotta Wear Shades
    Part III:  Software Security Grows Up
      Chapter 10.  An Enterprise Software Security Program
      The Business Climate
      Building Blocks of Change
      Building an Improvement Program
      Establishing a Metrics Program
      Continuous Improvement
      What about COTS (and Existing Software Applications)?
      Adopting a Secure Development Lifecycle
      Chapter 11.  Knowledge for Software Security
      Experience, Expertise, and Security
      Security Knowledge: A Unified View
      Security Knowledge and the Touchpoints
      The Department of Homeland Security Build Security In Portal
      Knowledge Management Is Ongoing
      Software Security Now
      Chapter 12.  A Taxonomy of Coding Errors
      On Simplicity: Seven Plus or Minus Two
      The Phyla
      A Complete Example
      Lists, Piles, and Collections
      Go Forth (with the Taxonomy) and Prosper
      Chapter 13.  Annotated Bibliography and References
      Annotated Bibliography: An Emerging Literature
      Software Security Puzzle Pieces
    Part IV:  Appendices
      Appendix A.  Fortify Source Code Analysis Suite Tutorial
      Section 1.  Introducing the Audit Workbench
      Section 2.  Auditing Source Code Manually
      Section 3.  Ensuring a Working Build Environment
      Section 4.  Running the Source Code Analysis Engine
      Section 5.  Exploring the Basic SCA Engine Command Line Arguments
      Section 6.  Understanding Raw Analysis Results
      Section 7.  Integrating with an Automated Build Process
      Section 8.  Using the Audit Workbench
      Section 9.  Auditing Open Source Applications
      Appendix B.  ITS4 Rules
      Appendix C.  An Exercise in Risk Analysis: Smurfware
      SmurfWare SmurfScanner Risk Assessment Case Study
      SmurfWare SmurfScanner Design for Security
      Appendix D.  Glossary
     
   Inside Front Cover
   Inside Back Cover
   Index


