Software Security Engineering A Guide for Project Managers 1st edition by Nancy Mead, Julia Allen, Sean Barnum, Robert Ellison, Gary McGraw ISBN 032150917X 978-0321509178

Software Security Engineering: A Guide for Project Managers 1st edition by Nancy Mead, Julia Allen, Sean Barnum, Robert Ellison, Gary McGraw – Ebook PDF Instant Download/Delivery. 032150917X 978-0321509178
Full download Software Security Engineering: A Guide for Project Managers 1st edition after payment

Product details:

ISBN 10: 032150917X
ISBN 13: 978-0321509178
Author: Nancy Mead, Julia Allen, Sean Barnum, Robert Ellison, Gary McGraw

“This book’s broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle.”

―Steve Riley, senior security strategist, Microsoft Corporation

“There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one.”

―Ronda Henning, senior scientist-software/security queen, Harris Corporation

Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.

Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.

This book will help you understand why

• Software security is about more than just eliminating vulnerabilities and conducting penetration tests
• Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks
• Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”―understanding that software security risks will change throughout the SDLC
• Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack

Software Security Engineering: A Guide for Project Managers 1st Table of contents:

Preface

• Introduction to Software Security
• The Role of Project Managers in Software Security
• How to Use This Book
• Acknowledgments

Chapter 1: Introduction to Software Security Engineering

• What is Software Security?
• The Need for Software Security Engineering
• The Software Security Lifecycle
• Key Principles of Software Security
• The Role of Project Managers in Security Engineering
• Integrating Security into the Development Lifecycle

Chapter 2: The Business Case for Software Security

• Risk and Return on Security Investments
• Business Drivers for Software Security
• Understanding Security Costs and Benefits
• Case Studies in Software Security Investment
• Communicating the Value of Security to Stakeholders
• Building a Business Case for Security Engineering in Your Projects

Chapter 3: The Software Security Process

• Defining a Software Security Engineering Process
• The Phases of Secure Software Development
• Threat Modeling and Risk Assessment
• Secure Architecture and Design Practices
• Secure Coding Techniques
• Security Testing and Evaluation
• Secure Deployment and Maintenance Practices

Chapter 4: Managing Security Requirements

• Identifying and Defining Security Requirements
• Mapping Security Requirements to Business Goals
• Requirements Gathering and Stakeholder Engagement
• Writing Effective Security Requirements
• Managing Changing Security Requirements Over Time
• Tools and Techniques for Requirements Traceability

Chapter 5: Risk Management and Threat Modeling

• The Importance of Risk Management in Software Security
• Key Concepts in Risk Management: Likelihood, Impact, and Vulnerability
• Risk Assessment Frameworks and Methodologies
• Threat Modeling: Purpose and Process
• Identifying Assets, Threats, and Vulnerabilities
• Common Threat Modeling Techniques (STRIDE, PASTA, etc.)
• Using Risk and Threat Models to Guide Security Design Decisions

Chapter 6: Secure Architecture and Design

• Building Security into Software Architecture
• Principles of Secure Design
• Designing for Resilience and Redundancy
• Security Patterns and Anti-Patterns
• Managing Security Trade-offs
• Threat Mitigation and Design Principles
• Key Tools for Secure Design Reviews

Chapter 7: Secure Coding Practices

• Secure Coding Principles and Guidelines
• Common Vulnerabilities and How to Avoid Them
• Input Validation, Authentication, and Authorization
• Memory Management and Buffer Overflows
• Secure Handling of Sensitive Data
• Secure Use of Cryptography and Key Management
• Code Reviews and Static Analysis Tools for Security

Chapter 8: Security Testing and Verification

• The Importance of Security Testing in the Development Lifecycle
• Types of Security Testing: Static, Dynamic, and Interactive
• Vulnerability Scanning and Penetration Testing
• Fuzzing and Code Auditing
• Using Threat Models to Inform Security Testing
• Tools for Security Testing (e.g., OWASP ZAP, Burp Suite)
• Measuring the Effectiveness of Security Testing

Chapter 9: Secure Deployment and Maintenance

• Securing the Software Delivery Pipeline
• Code Signing and Software Distribution
• Secure Deployment Practices (Least Privilege, Defense in Depth)
• Patch Management and Secure Configuration
• Security Monitoring and Incident Response in Production
• Managing Vulnerabilities and Exploits Post-Deployment
• Continuous Improvement and Lessons Learned

Chapter 10: Organizational Challenges and Software Security Culture

• Building a Software Security Culture Across Teams
• Overcoming Resistance to Security Practices
• Integrating Security into Agile and DevOps Environments
• Training Developers and Other Stakeholders on Security
• Metrics for Tracking and Improving Software Security
• The Role of the Project Manager in Promoting a Security Culture
• Managing Security in Large or Distributed Teams

Chapter 11: The Legal and Regulatory Landscape of Software Security

• Key Security Regulations and Standards (e.g., GDPR, HIPAA, PCI-DSS)
• Understanding Compliance and Its Impact on Software Projects
• The Role of Audits and Security Certifications
• Legal Responsibilities for Software Security
• Data Protection and Privacy Laws
• Balancing Security and Legal Requirements in Software Development

Chapter 12: Case Studies in Software Security Engineering

• Case Study 1: Building Security into a New Application
• Case Study 2: Securing Legacy Systems and Third-Party Software
• Case Study 3: Security in the Cloud: Risks and Mitigations
• Case Study 4: Responding to a Data Breach or Security Incident
• Lessons Learned from Industry Case Studies

Chapter 13: Tools and Resources for Software Security Engineering

• Security Engineering Tools for Project Managers
• Best Practices for Selecting Security Tools
• Resources for Continuous Learning in Software Security
• Communities and Standards Organizations (e.g., OWASP, NIST)
• Security Frameworks and Methodologies
• Online Resources and Training Platforms for Project Managers

Appendices

• Appendix A: Glossary of Key Terms in Software Security
• Appendix B: Recommended Reading and Resources for Software Security
• Appendix C: List of Tools for Software Security Engineering
• Appendix D: Software Security Checklists and Templates for Project Managers
• Index

People also search for Software Security Engineering: A Guide for Project Managers 1st:

software security engineering a guide for project managers pdf

software security engineering

security project management pdf

software security engineering a guide for project managers

software security engineering: a guide for project managers