Software Security Building Security In 1st Edition by Gary McGraw ISBN 0321356705 9780321356703

Software Security Building Security In 1st Edition by Gary McGraw – Ebook PDF Instant Download/Delivery. 0321356705, 9780321356703
Full download Software Security Building Security In 1st Edition after payment

Product details:

ISBN 10: 0321356705 
ISBN 13: 9780321356703
Author: Gary McGraw

“When it comes to software security, the devil is in the details. This book tackles the details.”
–Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies

“McGraw’s book shows you how to make the ‘culture of security’ part of your development lifecycle.”
–Howard A. Schmidt, Former White House Cyber Security Advisor

“McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn’t), buy this book and post it up on the lunchroom wall.”
–Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security

Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.

Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book’s methods without radically changing the way you work. Inside you’ll find detailed explanations of

• Risk management frameworks and processes
• Code review using static analysis tools
• Architectural risk analysis
• Penetration testing
• Security testing
• Abuse case development

In addition to the touchpoints, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs. Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.

Software Security Building Security In 1st Table of contents:

Part I: Introduction to Software Security

1. Introduction to Software Security

   • The Importance of Software Security
   • Understanding the Threats: Who Attacks Software and Why
   • The Evolving Landscape of Software Security
   • The Software Security Lifecycle
   • How Software Security Differs from Other Types of Security

2. Building Security In

   • Security as a Design Principle
   • The Role of Security in the Development Process
   • Security Throughout the Software Lifecycle
   • Developing Secure Software from the Start
   • The Business Case for Software Security

Part II: Threat Modeling and Risk Management

3. Threat Modeling

   • What Is Threat Modeling?
   • Identifying Assets and Attacks
   • The STRIDE Model for Threats
   • Tools and Techniques for Threat Modeling
   • Incorporating Threat Modeling into the Development Process

4. Risk Management

   • Understanding Risk in Software Development
   • Identifying and Classifying Risks
   • Risk Analysis Techniques
   • Managing Risk: Risk Avoidance, Mitigation, and Acceptance
   • Using Threat Modeling to Prioritize Risk

Part III: Secure Architecture and Design

5. Secure Software Architecture

   • Principles of Secure Software Architecture
   • Secure Design Patterns
   • Building Secure Systems from the Ground Up
   • Layering Security Controls
   • Designing for Resilience and Fault Tolerance

6. Designing for Security

   • Secure Design Principles
   • Minimizing the Attack Surface
   • Designing Secure Communication Protocols
   • Secure Authentication and Authorization
   • Protecting Sensitive Data

Part IV: Software Security Testing

7. Static Analysis and Source Code Analysis

   • The Role of Static Analysis in Software Security
   • Techniques for Static Analysis
   • Using Tools for Code Review and Static Analysis
   • Finding Vulnerabilities in Source Code

8. Dynamic Analysis and Penetration Testing

   • Understanding Dynamic Testing
   • Penetration Testing for Software Security
   • Tools and Techniques for Penetration Testing
   • Exploiting Vulnerabilities to Understand Their Impact

9. Fuzz Testing

   • Introduction to Fuzzing
   • Types of Fuzz Testing: Generation-based vs. Mutation-based
   • Fuzzing for Buffer Overflows and Memory Corruption
   • Using Fuzzing to Discover Vulnerabilities

Part V: Secure Software Development Lifecycle (SDLC)

10. Integrating Security into the SDLC

• The Role of Security in Different SDLC Phases
• Security in Requirements and Design
• Code Security: Secure Coding Practices
• Secure Testing and Quality Assurance
• Deployment and Post-Release Security

11. Agile Development and Security

• Security in Agile Software Development
• Integrating Security with Scrum and DevOps
• Continuous Security Monitoring and Testing
• Balancing Speed and Security in Agile Environments

Part VI: Secure Coding Practices

12. Secure Coding Principles

• Overview of Secure Coding Practices
• Avoiding Common Security Vulnerabilities
• Buffer Overflows, Injection Attacks, and Cross-Site Scripting (XSS)
• Input Validation and Output Encoding
• Secure APIs and Web Services

13. Memory Management and Exploit Mitigation

• Understanding Memory Management Vulnerabilities
• Protecting Against Buffer Overflows
• Stack and Heap Corruption Defenses
• Using Memory Safety Techniques and Tools

Part VII: Secure Deployment and Maintenance

14. Secure Software Deployment

• Ensuring Security in the Deployment Process
• Secure Configuration Management
• Protecting Software from Post-Deployment Attacks
• Managing Patches and Updates

15. Post-Deployment Security

• Monitoring for Security Vulnerabilities and Attacks
• Incident Response and Recovery
• Patch Management and Vulnerability Scanning
• Lessons Learned from Real-World Security Incidents

Part VIII: Software Security in Practice

16. Case Studies in Software Security

• Case Study 1: Real-World Software Vulnerabilities and Exploits
• Case Study 2: Lessons from Secure Software Development Projects
• Case Study 3: Analyzing a Large-Scale Security Breach
• Case Study 4: Building a Secure Web Application

People also search for Software Security Building Security In 1st:

the art of software security assessment
    
fortify software security center
    
define software security
    
effective software security includes
    
computer software security