“This guide’s broad overview will help a company select a set of processes, insurance policies, and techniques which are applicable for its safety maturity, threat tolerance, and improvement style. This e-book will make it easier to perceive learn how to incorporate practical security methods into all phases of the development lifecycle.”
-Steve Riley, senior safety strategist, Microsoft Company
“There are books written on some of the subjects addressed on this guide, and there are other books on secure systems engineering. Few deal with the whole life cycle with a comprehensive overview and dialogue of rising trends and matters as well as this one.”
-Ronda Henning, senior scientist-software/security queen, Harris Company
Software program that's developed from the start with safety in mind will resist, tolerate, and recuperate from assaults extra successfully than would in any other case be possible. While there could also be no silver bullet for safety, there are practices that challenge managers will discover beneficial. With this management guide, you can choose from numerous sound practices more likely to increase the security and dependability of your software, both throughout its improvement and subsequently in its operation.
Software Security Engineering draws extensively on the systematic strategy developed for the Build Safety In (BSI) Net site. Sponsored by the Department of Homeland Safety Software Assurance Program, the BSI site offers a number of instruments, tips, rules, principles, and different assets to help challenge managers deal with security issues in every phase of the software program improvement life cycle (SDLC). The ebook’s knowledgeable authors, themselves frequent contributors to the BSI site, characterize two nicely-known assets in the safety world: the CERT Program at the Software program Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software program security.
This e book will enable you understand why
Software security is about more than just eliminating vulnerabilities and conducting penetration exams
Community safety mechanisms and IT infrastructure safety services do not sufficiently defend application software from security dangers
Software security initiatives ought to follow a risk-administration approach to establish priorities and to define what's “good enough”-understanding that software program security dangers will change all through the SDLC
Challenge managers and software program engineers need to learn to think like an attacker as a way to tackle the range of functions that software program should not do, and the way software program can higher resist, tolerate, and get well when beneath attack
Chapter 1: Why Is Security a Software Difficulty? 1
1.1 Introduction 1
1.2 The Problem 2
1.3 Software program Assurance and Software program Safety 6
1.four Threats to Software program Security 9
1.5 Sources of Software Insecurity 11
1.6 The Benefits of Detecting Software Safety Defects Early thirteen
1.7 Managing Safe Software program Development 18
1.eight Abstract 23
Chapter 2: What Makes Software Safe? 25
2.1 Introduction 25
2.2 Defining Properties of Safe Software program 26
2.3 How one can Affect the Safety Properties of Software 36
2.four Easy methods to Assert and Specify Desired Safety Properties 61
2.5 Summary 71
Chapter three: Requirements Engineering for Safe Software 73
3.1 Introduction 73
3.2 Misuse and Abuse Cases 78
3.three The SQUARE Course of Mannequin eighty four
3.4 SQUARE Sample Outputs ninety one
3.5 Necessities Elicitation 99
3.6 Requirements Prioritization 106
3.7 Summary 112
Chapter 4: Secure Software program Architecture and Design a hundred and fifteen
4.1 Introduction 115
4.2 Software Security Practices for Architecture and Design: Architectural Risk Evaluation 119
4.3 Software program Security Data for Architecture and Design: Security Ideas, Security Tips, and Attack Patterns 137
4.four Summary 148
Chapter 5: Concerns for Secure Coding and Testing 151
5.1 Introduction 151
5.2 Code Analysis 152
5.three Coding Practices one hundred sixty
5.four Software Security Testing 163
5.5 Security Testing Issues All through the SDLC 173
5.6 Abstract a hundred and eighty
Chapter 6: Safety and Complexity: System Meeting Challenges 183
6.1 Introduction 183
6.2 Security Failures 186
6.three Useful and Attacker Perspectives for Safety Analysis: Two Examples 189
6.4 System Complexity Drivers and Safety 203
6.5 Deep Technical Drawback Complexity 215
6.6 Summary 217
Chapter 7: Governance, and Managing for More Safe Software program 221
7.1 Introduction 221
7.2 Governance and Safety 223
7.three Adopting an Enterprise Software Security Framework 226
7.4 How A lot Security Is Enough? 236
7.5 Security and Undertaking Administration 244
7.6 Maturity of Observe 259
7.7 Summary 266
Chapter eight: Getting Began 267
8.1 Where to Start 269
8.2 In Closing 281
More details about this book
or
Download Software Security Engineering PDF Ebook
