by Nancy R. Mead, Gary McGraw, Robert J. Ellison, Sean Barnum, Julia H. Allen
Software Security Engineering: A Guide for Project Managers
Copyright
Foreword
Preface
The Problem Addressed by This Book
Software’s Vulnerability to Attack
Why We Wrote This Book: Its Purpose, Goals, and Scope
The Challenge of Software Security Engineering
What Readers Can Expect
Who Should Read This Book
How This Book Is Organized
Notes to the Reader
Navigating the Book’s Content
Build Security In: A Key Resource
Start the Journey
Acknowledgments
About the Authors
Julia H. Allen
Sean Barnum
Robert J. Ellison
Gary McGraw
Nancy R. Mead
1. Why Is Security a Software Issue?
1.1. Introduction
1.2. The Problem
1.2.1. System Complexity: The Context within Which Software Lives
1.3. Software Assurance and Software Security
1.3.1. The Role of Processes and Practices in Software Security
1.4. Threats to Software Security
1.5. Sources of Software Insecurity
1.6. The Benefits of Detecting Software Security Defects Early
1.6.1. Making the Business Case for Software Security: Current State
1.7. Managing Secure Software Development
1.7.1. Which Security Strategy Questions Should I Ask?
1.7.2. A Risk Management Framework for Software Security
1.7.3. Software Security Practices in the Development Life Cycle
1.8. Summary
2. What Makes Software Secure?
2.1. Introduction
2.2. Defining Properties of Secure Software
2.2.1. Core Properties of Secure Software
2.2.2. Influential Properties of Secure Software
Dependability and Security
Correctness and Security
“Small” Faults, Big Consequences
Predictability and Security
Reliability, Safety, and Security
Size, Complexity, Traceability, and Security
2.3. How to Influence the Security Properties of Software
2.3.1. The Defensive Perspective
Addressing the Expected: Security Architecture and Features
Addressing the Unexpected: Avoiding, Removing, and Mitigating Weaknesses
Application Defense
Software Security
Attack Resistance, Attack Tolerance, and Attack Resilience
2.3.2. The Attacker’s Perspective
The Attacker’s Advantage
Finding a Way to Represent the Attacker’s Perspective
What Does an Attack Pattern Look Like?
Leveraging Attack Patterns in All Phases of the Software Development Life Cycle
Leveraging Attack Patterns in Positive and Negative Security Requirements
Leveraging Attack Patterns in Architecture and Design
Leveraging Attack Patterns in Implementation and Coding
Leveraging Attack Patterns in Software Security Testing
2.4. How to Assert and Specify Desired Security Properties
2.4.1. Building a Security Assurance Case
2.4.2. A Security Assurance Case Example
2.4.3. Incorporating Assurance Cases into the SDLC
2.4.4. Related Security Assurance and Compliance Efforts
Security-Privacy Laws and Regulations
Common Criteria
2.4.5. Maintaining and Benefitting from Assurance Cases
2.5. Summary
3. Requirements Engineering for Secure Software
3.1. Introduction
3.1.1. The Importance of Requirements Engineering
3.1.2. Quality Requirements
3.1.3. Security Requirements Engineering
3.2. Misuse and Abuse Cases
3.2.1. Security Is Not a Set of Features
3.2.2. Thinking About What You Can’t Do
3.2.3. Creating Useful Misuse Cases
3.2.4. An Abuse Case Example
3.3. The SQUARE Process Model
3.3.1. A Brief Description of SQUARE
3.3.2. Tools
3.3.3. Expected Results
3.4. SQUARE Sample Outputs
3.4.1. Output from SQUARE Steps
Step 1: Agree on Definitions
Step 2: Identify Security Goals
Step 3: Develop Artifacts
Step 4: Perform Risk Assessment
Step 5: Select Elicitation Techniques
Steps 6 and 7: Elicit and Categorize Security Requirements
Step 8: Prioritize Requirements
Step 9: Requirements Inspection
3.4.2. SQUARE Final Results
3.5. Requirements Elicitation
3.5.1. Overview of Several Elicitation Methods
Misuse Cases
Soft Systems Methodology (SSM)
Quality Function Deployment (QFD)
Controlled Requirements Expression (CORE)
Issue-Based Information Systems (IBIS)
Joint Application Development (JAD)
Feature-Oriented Domain Analysis (FODA)
Critical Discourse Analysis (CDA)
Accelerated Requirements Method (ARM)
3.5.2. Elicitation Evaluation Criteria
Additional Considerations
3.6. Requirements Prioritization
3.6.1. Identify Candidate Prioritization Methods
Binary Search Tree (BST)
Numeral Assignment Technique
Planning Game
100-Point Method
Theory-W
Requirements Triage
Wiegers’ Method
Requirements Prioritization Framework
AHP
3.6.2. Prioritization Technique Comparison
3.6.3. Recommendations for Requirements Prioritization
3.7. Summary
4. Secure Software Architecture and Design
4.1. Introduction
4.1.1. The Critical Role of Architecture and Design
4.1.2. Issues and Challenges
4.2. Software Security Practices for Architecture and Design: Architectural Risk Analysis,
4.2.1. Software Characterization
4.2.2. Threat Analysis
4.2.3. Architectural Vulnerability Assessment
Attack Resistance Analysis
Ambiguity Analysis
Dependency Analysis
Vulnerability Classification
Mapping Threats and Vulnerabilities
4.2.4. Risk Likelihood Determination
4.2.5. Risk Impact Determination
Identify Threatened Assets
Identify Business Impact
Risk Exposure Statement
4.2.6. Risk Mitigation Planning
4.2.7. Recapping Architectural Risk Analysis
4.3. Software Security Knowledge for Architecture and Design: Security Principles, Security Guidelines, and Attack Patterns
4.3.1. Security Principles
The Principles for Software Security
The Principle of Least Privilege
The Principle of Failing Securely
The Principle of Securing the Weakest Link
The Principle of Defense in Depth
The Principle of Separation of Privilege
The Principle of Economy of Mechanism
The Principle of Least Common Mechanism
The Principle of Reluctance to Trust
The Principle of Never Assuming That Your Secrets Are Safe
The Principle of Complete Mediation
The Principle of Psychological Acceptability
The Principle of Promoting Privacy
Recapping Security Principles
4.3.2. Security Guidelines
What Do Security Guidelines Look Like?
Guideline: Follow the Rules Regarding Concurrency Management
Competing “Systems” (Time of Check/Time of Use)
Competing Threads within a “System” (Races)
Security Policies to Be Preserved
How to Recognize This Defect
Recapping Security Guidelines
4.3.3. Attack Patterns
4.4. Summary
5. Considerations for Secure Coding and Testing
5.1. Introduction
5.2. Code Analysis
5.2.1. Common Software Code Vulnerabilities
Input Validation
Exceptions
Buffer Overflows
SQL Injection
Race Conditions
5.2.2. Source Code Review
Static Code Analysis Tools
Metric Analysis
Code Analysis Process Diagrams
5.3. Coding Practices
5.3.1. Sources of Additional Information on Secure Coding
5.4. Software Security Testing
5.4.1. Contrasting Software Testing and Software Security Testing
Security Testing Methods
5.4.2. Functional Testing
Some Caveats
Testing Beyond Requirements
5.4.3. Risk-Based Testing
Defining Tests for Negative Requirements
5.5. Security Testing Considerations Throughout the SDLC
5.5.1. Unit Testing
5.5.2. Testing Libraries and Executable Files
5.5.3. Integration Testing
5.5.4. System Testing
Black-Box Testing
Penetration Testing
5.5.5. Sources of Additional Information on Software Security Testing
5.6. Summary
6. Security and Complexity: System Assembly Challenges
6.1. Introduction
6.2. Security Failures
6.2.1. Categories of Errors
6.2.2. Attacker Behavior
6.3. Functional and Attacker Perspectives for Security Analysis: Two Examples
6.3.1. Web Services: Functional Perspective
6.3.2. Web Services: Attacker’s Perspective
6.3.3. Identity Management: Functional Perspective
6.3.4. Identity Management: Attacker’s Perspective
6.3.5. Identity Management and Software Development
6.4. System Complexity Drivers and Security
6.4.1. Wider Spectrum of Failures
Partitioning Security Analysis
Mitigations
6.4.2. Incremental and Evolutionary Development
6.4.3. Conflicting or Changing Goals Complexity
Mitigations
6.5. Deep Technical Problem Complexity
Mitigations
6.6. Summary
7. Governance, and Managing for More Secure Software
7.1. Introduction
7.2. Governance and Security
7.2.1. Definitions of Security Governance
7.2.2. Characteristics of Effective Security Governance and Management
7.3. Adopting an Enterprise Software Security Framework
7.3.1. Common Pitfalls
Lack of Software Security Goals and Vision
Creating a New Group
Software Security Best Practices Nonexistent
Software Risk Doesn’t Support Decision Making
Tools as the Answer
7.3.2. Framing the Solution
“Who, What, When” Structure
Focus on Resisting Attack, Not Including Security Features
Possess Five Competencies
7.3.3. Define a Roadmap
7.4. How Much Security Is Enough?
7.4.1. Defining Adequate Security
Risk Tolerance
7.4.2. A Risk Management Framework for Software Security
Five Stages of Activity
1. Understand the Business Context
2. Identify Business and Technical Risks
3. Synthesize and Prioritize Risks
4. Define the Risk Mitigation Strategy
5. Fix the Problems and Validate the Fixes
Measurement and Reporting on Risk
The Multilevel-Loop Nature of the RMF
7.5. Security and Project Management
7.5.1. Project Scope
7.5.2. Project Plan
Software Security Practices in the Development Life Cycle
Activities Required to Complete Deliverables
7.5.3. Resources
Tools
Knowledge and Expertise
7.5.4. Estimating the Nature and Duration of Required Resources
7.5.5. Project and Product Risks
7.5.6. Measuring Software Security
Process Measures for Secure Development
Product Measures for Secure Development
7.6. Maturity of Practice
7.6.1. Protecting Information
7.6.2. Audit’s Role
7.6.3. Operational Resilience and Convergence
7.6.4. A Legal View
7.6.5. A Software Engineering View
7.6.6. Exemplars
7.7. Summary
8. Getting Started
8.1. Where to Begin
8.2. In Closing
Glossary
References
Build Security In Web Site References