Wonder Club world wonders pyramid logo
×

Software Security: Building Security In Book

Software Security: Building Security In
Be the First to Review this Item at Wonderclub
X
Software Security: Building Security In, When it comes to software security, the devil is in the details. This book tackles the details. --Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies McGraw's book shows you how to, Software Security: Building Security In
out of 5 stars based on 0 reviews
5
0 %
4
0 %
3
0 %
2
0 %
1
0 %
Digital Copy
PDF format
Original Magazine
Physical Format

Sold Out

  • Software Security: Building Security In
  • Written by author Gary McGraw
  • Published by Addison Wesley, 2006/02/03
  • "When it comes to software security, the devil is in the details. This book tackles the details." --Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies "McGraw's book shows you how to
Buy Digital  USD$99.99

WonderClub View Cart Button

WonderClub Add to Inventory Button
WonderClub Add to Wishlist Button
WonderClub Add to Collection Button

Book Categories

Authors

Foreword xix Preface xxiii Acknowledgments xxxi About the Author xxxv

Part I: Software Security Fundamentals 1

Chapter 1: Defining a Discipline 3

The Security Problem 4
Security Problems in Software 14
Solving the Problem: The Three Pillars of Software Security 25
The Rise of Security Engineering 37

Chapter 2: A Risk Management Framework 39

Putting Risk Management into Practice 40
How to Use This Chapter 41
The Five Stages of Activity 42
The RMF Is a Multilevel Loop 46
Applying the RMF: KillerAppCo's iWare 1.0 Server 48
The Importance of Measurement 73
The Cigital Workbench 76
Risk Management Is a Framework for Software Security 79

Part II: Seven Touchpoints for Software Security 81

Chapter 3: Introduction to Software Security Touchpoints 83

Flyover: Seven Terrific Touchpoints 86
Black and White: Two Threads Inextricably Intertwined 89
Moving Left 91
Touchpoints as Best Practices 94
Who Should Do Software Security? 96
Software Security Is a Multidisciplinary Effort 100
Touchpoints to Success 103

Chapter 4: Code Review with a Tool 105

Catching Implementation Bugs Early (with a Tool) 106
Aim for Good, Not Perfect 108
Ancient History 109
Approaches to Static Analysis 110
Tools from Researchland 114
Commercial Tool Vendors 123
Touchpoint Process: Code Review 135
Use a Tool to Find Security Bugs 137

Chapter 5: Architectural Risk Analysis 139

Common Themes among Security Risk Analysis Approaches 140
Traditional Risk Analysis Terminology 144
Knowledge Requirement 147
The Necessity of a Forest-Level View 148
A Traditional Example of a Risk Calculation 152
Limitations of Traditional Approaches 153
Modern Risk Analysis 154
Touchpoint Process: Architectural Risk Analysis 161
Getting Started with Risk Analysis 169
Architectural Risk Analysis Is a Necessity 170

Chapter 6: Software Penetration Testing 171

Penetration Testing Today 173
Software Penetration Testing--a Better Approach 178
Incorporating Findings Back into Development 183
Using Penetration Tests to Assess the Application Landscape 184
Proper Penetration Testing Is Good 185

Chapter 7: Risk-Based Security Testing 187

What's So Different about Security? 191
Risk Management and Security Testing 192
How to Approach Security Testing 193
Thinking about (Malicious) Input 201
Getting Over Input 203
Leapfrogging the Penetration Test 204

Chapter 8: Abuse Cases 205

Security Is Not a Set of Features 209
What You Can't Do 210
Creating Useful Abuse Cases 211
Touchpoint Process: Abuse Case Development 213
An Abuse Case Example 217
Abuse Cases Are Useful 222

Chapter 9: Software Security Meets Security Operations 223

Don't Stand So Close to Me 224
Kumbaya (for Software Security) 225
Come Together (Right Now) 232
Future's So Bright, I Gotta Wear Shades 235

Part III: Software Security Grows Up 237

Chapter 10: An Enterprise Software Security Program 239

The Business Climate 240
Building Blocks of Change 242
Building an Improvement Program 246
Establishing a Metrics Program 247
Continuous Improvement 250
What about COTS (and Existing Software Applications)? 251
Adopting a Secure Development Lifecycle 256

Chapter 11: Knowledge for Software Security 259

Experience, Expertise, and Security 261
Security Knowledge: A Unified View 262
Security Knowledge and the Touchpoints 268
The Department of Homeland Security Build Security In Portal 269
Knowledge Management Is Ongoing 274
Software Security Now 275

Chapter 12: A Taxonomy of Coding Errors 277

On Simplicity: Seven Plus or Minus Two 279
The Phyla 282
A Complete Example 290
Lists, Piles, and Collections 292
Go Forth (with the Taxonomy) and Prosper 297

Chapter 13: Annotated Bibliography and References 299

Annotated Bibliography: An Emerging Literature 299
Software Security Puzzle Pieces 318

Appendices 321

Appendix A: Fortify Source Code Analysis Suite Tutorial 323

1. Introducing the Audit Workbench 324
2. Auditing Source Code Manually 326
3. Ensuring a Working Build Environment 328
4. Running the Source Code Analysis Engine 329
5. Exploring the Basic SCA Engine Command Line Arguments 332
6. Understanding Raw Analysis Results 333
7. Integrating with an Automated Build Process 335
8. Using the Audit Workbench 339
9. Auditing Open Source Applications 342

Appendix B: ITS4 Rules 345

Appendix C: An Exercise in Risk Analysis: Smurfware 385

SmurfWare SmurfScanner Risk Assessment Case Study 385
SmurfWare SmurfScanner Design for Security 390

Appendix D: Glossary 393

Index 395


Login

  |  

Complaints

  |  

Blog

  |  

Games

  |  

Digital Media

  |  

Souls

  |  

Obituary

  |  

Contact Us

  |  

FAQ

CAN'T FIND WHAT YOU'RE LOOKING FOR? CLICK HERE!!!

X
WonderClub Home

This item is in your Wish List

Software Security: Building Security In, <i>When it comes to software security, the devil is in the details. This book tackles the details.</i>
--Bruce Schneier, CTO and founder, Counterpane, and author of <i>Beyond Fear</i> and <i>Secrets and Lies</i>
<i>McGraw's book shows you how to, Software Security: Building Security In

X
WonderClub Home

This item is in your Collection

Software Security: Building Security In, <i>When it comes to software security, the devil is in the details. This book tackles the details.</i>
--Bruce Schneier, CTO and founder, Counterpane, and author of <i>Beyond Fear</i> and <i>Secrets and Lies</i>
<i>McGraw's book shows you how to, Software Security: Building Security In

Software Security: Building Security In

X
WonderClub Home

This Item is in Your Inventory

Software Security: Building Security In, <i>When it comes to software security, the devil is in the details. This book tackles the details.</i>
--Bruce Schneier, CTO and founder, Counterpane, and author of <i>Beyond Fear</i> and <i>Secrets and Lies</i>
<i>McGraw's book shows you how to, Software Security: Building Security In

Software Security: Building Security In

WonderClub Home

You must be logged in to review the products

E-mail address:

Password: