O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Core Software Security

Book Description

"... an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. ... Readers are armed with firm solutions for the fight against cyber threats."
—Dr. Dena Haritos Tsamitis. Carnegie Mellon University

"... a must read for security specialists, software developers and software engineers. ... should be part of every security professional’s library."
—Dr. Larry Ponemon, Ponemon Institute

"... the definitive how-to guide for software security professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield deftly outline the procedures and policies needed to integrate real security into the software development process. ...A must-have for anyone on the front lines of the Cyber War ..."
—Cedric Leighton, Colonel, USAF (Ret.), Cedric Leighton Associates

"Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a magic formula in this book - the methodology and process to build security into the entire software development life cycle so that the software is secured at the source! "
—Eric S. Yuan, Zoom Video Communications

There is much publicity regarding network security, but the real cyber Achilles’ heel is insecure software. Millions of software vulnerabilities create a cyber house of cards, in which we conduct our digital lives. In response, security people build ever more elaborate cyber fortresses to protect this vulnerable software. Despite their efforts, cyber fortifications consistently fail to protect our digital treasures. Why? The security industry has failed to engage fully with the creative, innovative people who write software.

Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it. Developer-centric security is not only feasible but also cost effective and operationally relevant. The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Whatever development method is employed, software must be secured at the source.

Book Highlights:

  • Supplies a practitioner's view of the SDL
  • Considers Agile as a security enabler
  • Covers the privacy elements in an SDL
  • Outlines a holistic business-savvy SDL framework that includes people, process, and technology
  • Highlights the key success factors, deliverables, and metrics for each phase of the SDL
  • Examines cost efficiencies, optimized performance, and organizational structure of a developer-centric software security program and PSIRT
  • Includes a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book’s SDL framework

View the authors' website at http://www.androidinsecurity.com/

Table of Contents

  1. Front Cover (1/2)
  2. Front Cover (2/2)
  3. Dedication
  4. Contents (1/2)
  5. Contents (2/2)
  6. Foreword (1/2)
  7. Foreword (2/2)
  8. Preface
  9. Acknowledgments
  10. About the Authors
  11. Chapter 1 - Introduction (1/4)
  12. Chapter 1 - Introduction (2/4)
  13. Chapter 1 - Introduction (3/4)
  14. Chapter 1 - Introduction (4/4)
  15. Chapter 2 - The Secure Development Lifecycle (1/9)
  16. Chapter 2 - The Secure Development Lifecycle (2/9)
  17. Chapter 2 - The Secure Development Lifecycle (3/9)
  18. Chapter 2 - The Secure Development Lifecycle (4/9)
  19. Chapter 2 - The Secure Development Lifecycle (5/9)
  20. Chapter 2 - The Secure Development Lifecycle (6/9)
  21. Chapter 2 - The Secure Development Lifecycle (7/9)
  22. Chapter 2 - The Secure Development Lifecycle (8/9)
  23. Chapter 2 - The Secure Development Lifecycle (9/9)
  24. Chapter 3 - Security Assessment (A1): SDL Activities and Best Practices (1/4)
  25. Chapter 3 - Security Assessment (A1): SDL Activities and Best Practices (2/4)
  26. Chapter 3 - Security Assessment (A1): SDL Activities and Best Practices (3/4)
  27. Chapter 3 - Security Assessment (A1): SDL Activities and Best Practices (4/4)
  28. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (1/11)
  29. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (2/11)
  30. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (3/11)
  31. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (4/11)
  32. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (5/11)
  33. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (6/11)
  34. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (7/11)
  35. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (8/11)
  36. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (9/11)
  37. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (10/11)
  38. Chapter 4 - Architecture (A2): SDL Activities and Best Practices (11/11)
  39. Chapter 5 - Design and Development (A3): SDL Activities and Best Practices (1/6)
  40. Chapter 5 - Design and Development (A3): SDL Activities and Best Practices (2/6)
  41. Chapter 5 - Design and Development (A3): SDL Activities and Best Practices (3/6)
  42. Chapter 5 - Design and Development (A3): SDL Activities and Best Practices (4/6)
  43. Chapter 5 - Design and Development (A3): SDL Activities and Best Practices (5/6)
  44. Chapter 5 - Design and Development (A3): SDL Activities and Best Practices (6/6)
  45. Chapter 6 - Design and Development (A4): SDL Activities and Best Practices (1/8)
  46. Chapter 6 - Design and Development (A4): SDL Activities and Best Practices (2/8)
  47. Chapter 6 - Design and Development (A4): SDL Activities and Best Practices (3/8)
  48. Chapter 6 - Design and Development (A4): SDL Activities and Best Practices (4/8)
  49. Chapter 6 - Design and Development (A4): SDL Activities and Best Practices (5/8)
  50. Chapter 6 - Design and Development (A4): SDL Activities and Best Practices (6/8)
  51. Chapter 6 - Design and Development (A4): SDL Activities and Best Practices (7/8)
  52. Chapter 6 - Design and Development (A4): SDL Activities and Best Practices (8/8)
  53. Chapter 7 - Ship (A5): SDL Activities and Best Practices (1/6)
  54. Chapter 7 - Ship (A5): SDL Activities and Best Practices (2/6)
  55. Chapter 7 - Ship (A5): SDL Activities and Best Practices (3/6)
  56. Chapter 7 - Ship (A5): SDL Activities and Best Practices (4/6)
  57. Chapter 7 - Ship (A5): SDL Activities and Best Practices (5/6)
  58. Chapter 7 - Ship (A5): SDL Activities and Best Practices (6/6)
  59. Chapter 8 - Post-Release Support (PRSA1–5) (1/6)
  60. Chapter 8 - Post-Release Support (PRSA1–5) (2/6)
  61. Chapter 8 - Post-Release Support (PRSA1–5) (3/6)
  62. Chapter 8 - Post-Release Support (PRSA1–5) (4/6)
  63. Chapter 8 - Post-Release Support (PRSA1–5) (5/6)
  64. Chapter 8 - Post-Release Support (PRSA1–5) (6/6)
  65. Chapter 9 - Applying the SDL Framework to the Real World (1/14)
  66. Chapter 9 - Applying the SDL Framework to the Real World (2/14)
  67. Chapter 9 - Applying the SDL Framework to the Real World (3/14)
  68. Chapter 9 - Applying the SDL Framework to the Real World (4/14)
  69. Chapter 9 - Applying the SDL Framework to the Real World (5/14)
  70. Chapter 9 - Applying the SDL Framework to the Real World (6/14)
  71. Chapter 9 - Applying the SDL Framework to the Real World (7/14)
  72. Chapter 9 - Applying the SDL Framework to the Real World (8/14)
  73. Chapter 9 - Applying the SDL Framework to the Real World (9/14)
  74. Chapter 9 - Applying the SDL Framework to the Real World (10/14)
  75. Chapter 9 - Applying the SDL Framework to the Real World (11/14)
  76. Chapter 9 - Applying the SDL Framework to the Real World (12/14)
  77. Chapter 9 - Applying the SDL Framework to the Real World (13/14)
  78. Chapter 9 - Applying the SDL Framework to the Real World (14/14)
  79. Chapter 10 - Pulling It All Together: Using the SDL to Prevent Real-World Threats (1/6)
  80. Chapter 10 - Pulling It All Together: Using the SDL to Prevent Real-World Threats (2/6)
  81. Chapter 10 - Pulling It All Together: Using the SDL to Prevent Real-World Threats (3/6)
  82. Chapter 10 - Pulling It All Together: Using the SDL to Prevent Real-World Threats (4/6)
  83. Chapter 10 - Pulling It All Together: Using the SDL to Prevent Real-World Threats (5/6)
  84. Chapter 10 - Pulling It All Together: Using the SDL to Prevent Real-World Threats (6/6)
  85. Appendix - Key Success Factors, Deliverables, and Metrics for Each Phase of Our SDL Model (1/2)
  86. Appendix - Key Success Factors, Deliverables, and Metrics for Each Phase of Our SDL Model (2/2)
  87. Back Cover