Software Security Engineering: A Guide for Project Managers (The SEI Series in Software Engineering)

Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC).
The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.

Print ISBN-10: 0-321-50917-X
Print ISBN-13: 978-0-321-50917-8
eText ISBN-10: 0-321-55968-1
eText ISBN-13: 978-0-321-55968-5

Chapter 1. Why Is Security a Software Issue?
Section 1.1. Introduction
Section 1.2. The Problem
Section 1.3. Software Assurance and Software Security
Section 1.4. Threats to Software Security
Section 1.5. Sources of Software Insecurity
Section 1.6. The Benefits of Detecting Software Security Defects Early
Section 1.7. Managing Secure Software Development
Section 1.8. Summary
Chapter 2. What Makes Software Secure?
Section 2.1. Introduction
Section 2.2. Defining Properties of Secure Software
Section 2.3. How to Influence the Security Properties of Software
Section 2.4. How to Assert and Specify Desired Security Properties
Section 2.5. Summary
Chapter 3. Requirements Engineering for Secure Software
Section 3.1. Introduction
Section 3.2. Misuse and Abuse Cases
Section 3.3. The SQUARE Process Model
Section 3.4. SQUARE Sample Outputs
Section 3.5. Requirements Elicitation
Section 3.6. Requirements Prioritization
Section 3.7. Summary
Chapter 4. Secure Software Architecture and Design
Section 4.1. Introduction
Section 4.2. Software Security Practices for Architecture and Design: Architectural Risk Analysis
Section 4.3. Software Security Knowledge for Architecture and Design: Security Principles, Security Guidelines, and Attack Patterns
Section 4.4. Summary
Chapter 5. Considerations for Secure Coding and Testing
Section 5.1. Introduction
Section 5.2. Code Analysis
Section 5.3. Coding Practices
Section 5.4. Software Security Testing
Section 5.5. Security Testing Considerations Throughout the SDLC
Section 5.6. Summary
Chapter 6. Security and Complexity: System Assembly Challenges
Section 6.1. Introduction
Section 6.2. Security Failures
Section 6.3. Functional and Attacker Perspectives for Security Analysis: Two Examples
Section 6.4. System Complexity Drivers and Security
Section 6.5. Deep Technical Problem Complexity
Section 6.6. Summary
Chapter 7. Governance, and Managing for More Secure Software
Section 7.1. Introduction
Section 7.2. Governance and Security
Section 7.3. Adopting an Enterprise Software Security Framework
Section 7.4. How Much Security Is Enough?
Section 7.5. Security and Project Management
Section 7.6. Maturity of Practice
Section 7.7. Summary
Chapter 8. Getting Started
Section 8.1. Where to Begin
Section 8.2. In Closing
