- Copyright
- Advance Praise for Software Security
- Addison-Wesley Software Security Series
- Foreword
- Preface
- Acknowledgments
- About the Author
- I. Software Security Fundamentals
- 1. Defining a Discipline
- 2. A Risk Management Framework
- Putting Risk Management into Practice
- How to Use This Chapter
- The Five Stages of Activity
- The RMF Is a Multilevel Loop
- Applying the RMF: KillerAppCo’s iWare 1.0 Server
- The Importance of Measurement
- The Cigital Workbench
- Risk Management Is a Framework for Software Security
- II. Seven Touchpoints for Software Security
- 3. Introduction to Software Security Touchpoints
- 4. Code Review with a Tool
- 5. Architectural Risk Analysis
- Common Themes among Security Risk Analysis Approaches
- Traditional Risk Analysis Terminology
- Knowledge Requirement
- The Necessity of a Forest-Level View
- A Traditional Example of a Risk Calculation
- Limitations of Traditional Approaches
- Modern Risk Analysis
- Touchpoint Process: Architectural Risk Analysis
- Getting Started with Risk Analysis
- Architectural Risk Analysis Is a Necessity
- 6. Software Penetration Testing
- 7. Risk-Based Security Testing
- 8. Abuse Cases
- 9. Software Security Meets Security Operations
- III. Software Security Grows Up
- IV. Appendices
- A. Fortify Source Code Analysis Suite Tutorial
- 1. Introducing the Audit Workbench
- 2. Auditing Source Code Manually
- 3. Ensuring a Working Build Environment
- 4. Running the Source Code Analysis Engine
- 5. Exploring the Basic SCA Engine Command Line Arguments
- 6. Understanding Raw Analysis Results
- 7. Integrating with an Automated Build Process
- 8. Using the Audit Workbench
- 9. Auditing Open Source Applications
- B. ITS4 Rules
- C. An Exercise in Risk Analysis: Smurfware
- D. Glossary
- A. Fortify Source Code Analysis Suite Tutorial
- InsideFrontCover
- InsideBackCover
Three Pillars of Software Security
Applied risk management
Software security touchpoints
Knowledge
Seven Touchpoints
Code review
Architectural risk analysis
Penetration testing
Risk-based security tests
Abuse cases
Security requirements
Security operations
Seven Pernicious Kingdoms
Input validation and representation
API abuse
Security features
Time and state
Error handling
Code quality
Encapsulation
Environment
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.