Articoli correlati a Software Security Engineering: A Guide for Project...
Software Security Engineering: A Guide for Project Managers: A Guide for Project Managers - Brossura
Sinossi
<p style="margin: 0px;"><i>“This book’s broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle.”</i></p> <p style="margin: 0px;"> —Steve Riley, senior security strategist, Microsoft Corporation</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><i>“There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one.”</i></p> <p style="margin: 0px;"> —Ronda Henning, senior scientist-software/security queen, Harris Corporation</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;">Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation. </p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><b><i><b>Software Security Engineering </b></i></b>draws extensively on the systematic approach developed for the <b>Build Security In (BSI)</b> Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;">This book will help you understand why</p> <ul> <li> <div style="margin: 0px;"> Software security is about more than just eliminating vulnerabilities and conducting penetration tests </div></li> <li> <div style="margin: 0px;"> Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks </div></li> <li> <div style="margin: 0px;"> Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”—understanding that software security risks will change throughout the SDLC </div></li> <li> <div style="margin: 0px;"> Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack </div></li> </ul> <br> <p style="margin: 0px;"><b>Chapter 1: Why Is Security a Software Issue? 1</b></p> <p style="margin: 0px;">1.1 Introduction 1</p> <p style="margin: 0px;">1.2 The Problem 2</p> <p style="margin: 0px;">1.3 Software Assurance and Software Security 6</p> <p style="margin: 0px;">1.4 Threats to Software Security 9</p> <p style="margin: 0px;">1.5 Sources of Software Insecurity 11</p> <p style="margin: 0px;">1.6 The Benefits of Detecting Software Security Defects Early 13</p> <p style="margin: 0px;">1.7 Managing Secure Software Development 18</p> <p style="margin: 0px;">1.8 Summary 23</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><b>Chapter 2: What Makes Software Secure? 25</b></p> <p style="margin: 0px;">2.1 Introduction 25</p> <p style="margin: 0px;">2.2 Defining Properties of Secure Software 26</p> <p style="margin: 0px;">2.3 How to Influence the Security Properties of Software 36</p> <p style="margin: 0px;">2.4 How to Assert and Specify Desired Security Properties 61</p> <p style="margin: 0px;">2.5 Summary 71</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><b>Chapter 3: Requirements Engineering for Secure Software 73</b></p> <p style="margin: 0px;">3.1 Introduction 73</p> <p style="margin: 0px;">3.2 Misuse and Abuse Cases 78</p> <p style="margin: 0px;">3.3 The SQUARE Process Model 84</p> <p style="margin: 0px;">3.4 SQUARE Sample Outputs 91</p> <p style="margin: 0px;">3.5 Requirements Elicitation 99</p> <p style="margin: 0px;">3.6 Requirements Prioritization 106</p> <p style="margin: 0px;">3.7 Summary 112</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><b>Chapter 4: Secure Software Architecture and Design 115</b></p> <p style="margin: 0px;">4.1 Introduction 115</p> <p style="margin: 0px;">4.2 Software Security Practices for Architecture and Design: Architectural Risk Analysis 119</p> <p style="margin: 0px;">4.3 Software Security Knowledge for Architecture and Design: Security Principles, Security Guidelines, and Attack Patterns 137</p> <p style="margin: 0px;">4.4 Summary 148</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><b>Chapter 5: Considerations for Secure Coding and Testing 151</b></p> <p style="margin: 0px;">5.1 Introduction 151</p> <p style="margin: 0px;">5.2 Code Analysis 152</p> <p style="margin: 0px;">5.3 Coding Practices 160</p> <p style="margin: 0px;">5.4 Software Security Testing 163</p> <p style="margin: 0px;">5.5 Security Testing Considerations Throughout the SDLC 173</p> <p style="margin: 0px;">5.6 Summary 180</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><b>Chapter 6: Security and Complexity: System Assembly Challenges 183</b></p> <p style="margin: 0px;">6.1 Introduction 183</p> <p style="margin: 0px;">6.2 Security Failures 186</p> <p style="margin: 0px;">6.3 Functional and Attacker Perspectives for Security Analysis: Two Examples 189</p> <p style="margin: 0px;">6.4 System Complexity Drivers and Security 203</p> <p style="margin: 0px;">6.5 Deep Technical Problem Complexity 215</p> <p style="margin: 0px;">6.6 Summary 217</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><b>Chapter 7: Governance, and Managing for More Secure Software 221</b></p> <p style="margin: 0px;">7.1 Introduction 221</p> <p style="margin: 0px;">7.2 Governance and Security 223</p> <p style="margin: 0px;">7.3 Adopting an Enterprise Software Security Framework 226</p> <p style="margin: 0px;">7.4 How Much Security Is Enough? 236</p> <p style="margin: 0px;">7.5 Security and Project Management 244</p> <p style="margin: 0px;">7.6 Maturity of Practice 259</p> <p style="margin: 0px;">7.7 Summary 266</p> <p style="margin: 0px;"> </p> <p style="margin: 0px;"><b>Chapter 8: Getting Started 267</b></p> <p style="margin: 0px;">8.1 Where to Begin 269</p> <p style="margin: 0px;">8.2 In Closing 281</p>
Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.
Informazioni sull?autore
<p style="MARGIN: 0px"><b>Julia H. Allen </b>is a senior member of the technical staff within the CERT<sup> </sup>Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. In addition to her work in software security and assurance, Allen is engaged in developing and transitioning executive outreach programs in enterprise security and governance. She is the author of <i>The CERT Guide to System and Network Security Practices</i> (Addison-Wesley, 2001), <i>Governing for Enterprise Security</i> (CMU/SEI, 2005), and the CERT Podcast Series: Security for Business Leaders (2006/2007).</p> <p style="MARGIN: 0px"> </p> <p style="MARGIN: 0px"><b>Sean Barnum</b> is a Principal Consultant at Cigital and is technical lead for their federal services practice. He has more than twenty years of experience in the software industry in the areas of development, software quality assurance, quality management, process architecture and improvement, knowledge management, and security. He is a frequent contributor and speaker for regional and national software security and software quality publications, conferences, and events. He is very active in the software assurance community and is involved in numerous knowledge standards-defining efforts, including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC), and other elements of the Software Assurance Programs of the Department of Homeland Security and the Department of Defense. He is also the lead technical subject matter expert for the Air Force Application Software Assurance Center of Excellence.</p> <p style="MARGIN: 0px"> </p> <p style="MARGIN: 0px"><b>Robert J. Ellison, Ph.D.,</b> is a member of the Survivable Systems Engineering Team within the CERT<sup> </sup>Program at the Software Engineering Institute and, in that capacity, has served in a number of technical and management roles. He was a project leader for the evaluation of software engineering development environments and associated software development tools. He was also a member of the Carnegie Mellon University team that wrote the proposal for the SEI; he joined the new FFRDC in 1985 as a founding member. Ellison regularly participates in the evaluation of software architectures and contributes from the perspective of security and reliability measures.</p> <b> <p style="MARGIN: 0px"> </p> </b> <p style="MARGIN: 0px"><b>Gary McGraw, Ph.D.,</b> is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C., area. He is a globally recognized authority on software security and the author of six best selling books on this topic. The latest is <i>Exploiting Online Games </i>(Addison-Wesley, 2008). His other titles include <i>Java Security</i>, <i>Building Secure Software</i>, <i>Exploiting Software</i>, and <i>Software Security</i>; and he is editor of the Addison-Wesley Software Security series. McGraw has also written more than ninety peer-reviewed scientific publications, authors a monthly security column for darkreading.com, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. He serves on the Dean’s Advisory Council for the School of Informatics at Indiana University. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for <i>IEEE Security & Privacy</i> magazine.</p> <p style="MARGIN: 0px"> </p> <p style="MARGIN: 0px"><b>Nancy R. Mead, Ph.D.,</b> is a senior member of the technical staff in the Survivable Systems Engineering Group, which is part of the CERT Program at the Software Engineering Institute. Mead is also a faculty member in the Master of Software Engineering and Master of Information Systems Management programs at Carnegie Mellon University. She has more than one hundred publications and invited presentations. She is a fellow of the Institute of Electrical and Electronic Engineers, Inc. (IEEE) and the IEEE Computer Society and is also a member of the Association for Computing Machinery (ACM).</p>
Dalla quarta di copertina
<p><i>“This book’s broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle.”</i></p> <p> —Steve Riley, senior security strategist, Microsoft Corporation</p> <p> </p> <p><i>“There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one.”</i></p> <p> —Ronda Henning, senior scientist-software/security queen, Harris Corporation</p> <p> </p> <p>Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation. </p> <p> </p> <p><b><i><b>Software Security Engineering </b></i></b>draws extensively on the systematic approach developed for the <b>Build Security In (BSI)</b> Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.</p> <p> </p> <p>This book will help you understand why</p> <ul> <li>Software security is about more than just eliminating vulnerabilities and conducting penetration tests</li> <li>Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks</li> <li>Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”—understanding that software security risks will change throughout the SDLC</li> <li>Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack</li> </ul> <br> <p><b>Chapter 1: Why Is Security a Software Issue? 1</b></p> <p>1.1 Introduction 1</p> <p>1.2 The Problem 2</p> <p>1.3 Software Assurance and Software Security 6</p> <p>1.4 Threats to Software Security 9</p> <p>1.5 Sources of Software Insecurity 11</p> <p>1.6 The Benefits of Detecting Software Security Defects Early 13</p> <p>1.7 Managing Secure Software Development 18</p> <p>1.8 Summary 23</p> <p> </p> <p><b>Chapter 2: What Makes Software Secure? 25</b></p> <p>2.1 Introduction 25</p> <p>2.2 Defining Properties of Secure Software 26</p> <p>2.3 How to Influence the Security Properties of Software 36</p> <p>2.4 How to Assert and Specify Desired Security Properties 61</p> <p>2.5 Summary 71</p> <p> </p> <p><b>Chapter 3: Requirements Engineering for Secure Software 73</b></p> <p>3.1 Introduction 73</p> <p>3.2 Misuse and Abuse Cases 78</p> <p>3.3 The SQUARE Process Model 84</p> <p>3.4 SQUARE Sample Outputs 91</p> <p>3.5 Requirements Elicitation 99</p> <p>3.6 Requirements Prioritization 106</p> <p>3.7 Summary 112</p> <p> </p> <p><b>Chapter 4: Secure Software Architecture and Design 115</b></p> <p>4.1 Introduction 115</p> <p>4.2 Software Security Practices for Arch</p>
Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.
Compra nuovo
Visualizza questo articolo
EUR 72,49
EUR 25,56 per la spedizione da U.S.A. a Italia
Destinazione, tempi e costi
Risultati della ricerca per Software Security Engineering: A Guide for Project...
Immagini fornite dal venditore
Software Security Engineering: A Guide for Project Managers
Editore:
Addison-Wesley Professional, 2008
ISBN 10: 032150917X
ISBN 13: 9780321509178
Antico o usato
Softcover
Da: Bookbot, Prague, Repubblica Ceca
Valutazione del venditore 5 su 5 stelle
Softcover. Condizione: As New. Providing readers with a set of sound practices they can selectively adopt to increase the security and dependability of software, both during its development and its operation, this guide draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Codice articolo c61de25e-5f4a-4129-9d20-a10341624f12
Quantità: 1 disponibili
Foto dell'editore
Software Security Engineering: A Guide for Project Managers (SEI Series in Software Engineering)
Editore:
Addison-Wesley Professional, 2008
ISBN 10: 032150917X
ISBN 13: 9780321509178
Antico o usato
Brossura
Da: medimops, Berlin, Germania
Valutazione del venditore 5 su 5 stelle
Condizione: acceptable. Ausreichend/Acceptable: Exemplar mit vollständigem Text und sämtlichen Abbildungen oder Karten. Schmutztitel oder Vorsatz können fehlen. Einband bzw. Schutzumschlag weisen unter Umständen starke Gebrauchsspuren auf. / Describes a book or dust jacket that has the complete text pages (including those with maps or plates) but may lack endpapers, half-title, etc. (which must be noted). Binding, dust jacket (if any), etc may also be worn. Codice articolo M0032150917X-B
Quantità: 1 disponibili
Foto dell'editore
Software Security Engineering: A Guide for Project Managers
Editore:
Addison-Wesley Professional, 2008
ISBN 10: 032150917X
ISBN 13: 9780321509178
Antico o usato
Brossura
Da: SecondSale, Montgomery, IL, U.S.A.
Valutazione del venditore 4 su 5 stelle
Condizione: Good. Item in good condition. Textbooks may not include supplemental items i.e. CDs, access codes etc. Codice articolo 00088035030
Quantità: 1 disponibili
Foto dell'editore
Software Security Engineering: A Guide for Project Managers
Editore:
Addison-Wesley Professional, 2008
ISBN 10: 032150917X
ISBN 13: 9780321509178
Antico o usato
Paperback
Da: HPB-Red, Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: Good. Connecting readers with great books since 1972! Used textbooks may not include companion materials such as access codes, etc. May have some wear or writing/highlighting. We ship orders daily and Customer Service is our top priority! Codice articolo S_389841152
Quantità: 1 disponibili
Foto dell'editore
Software Security Engineering: A Guide for Project Managers
Editore:
Addison-Wesley Professional, 2008
ISBN 10: 032150917X
ISBN 13: 9780321509178
Nuovo
Paperback
Da: Toscana Books, AUSTIN, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: new. Excellent Condition.Excels in customer satisfaction, prompt replies, and quality checks. Codice articolo Scanned032150917X
Quantità: 1 disponibili
Foto dell'editore
Software Security Engineering: A Guide for Project Managers
Editore:
Addison-Wesley Professional, 2008
ISBN 10: 032150917X
ISBN 13: 9780321509178
Nuovo
paperback
Prima edizione
Da: Textbooks_Source, Columbia, MO, U.S.A.
Valutazione del venditore 5 su 5 stelle
paperback. Condizione: New. 1st Edition. Ships in a BOX from Central Missouri! UPS shipping for most packages, (Priority Mail for AK/HI/APO/PO Boxes). Codice articolo 000900715N
Quantità: 1 disponibili
Foto dell'editore
Software Security Engineering: A Guide for Project Managers: A Guide for Project Managers
Editore:
Addison-Wesley Professional, 2008
ISBN 10: 032150917X
ISBN 13: 9780321509178
Nuovo
Paperback
Da: Mispah books, Redhill, SURRE, Regno Unito
Valutazione del venditore 4 su 5 stelle
Paperback. Condizione: New. New. book. Codice articolo ERICA829032150917X3
Quantità: 1 disponibili