Book description
Introducing users to existing software development life cycle (SDLC) models, this book explains their weakness and shows how to build security practices into these models. After working with Fortune 500 companies, the authors have often seen examples of a breakdown in SDLC practices. They supply a realistic look at how to best apply available Secure Software Development Lifecycle (SSDLC) models. e. The text proposes improvements in applying these models to the software code. Case studies from Linux, Apache, and web applications walk readers through examples of how to implement improved practices.
Table of contents
- Cover
- Half Title
- Title Page
- Copyright Page
- Contents
- Dedication
- Foreword
- Preface
- Acknowledgments
- About the Authors
-
Chapter 1 Introduction
- 1.1 The Importance and Relevance of Software Security
- 1.2 Software Security and the Software Development Lifecycle
- 1.3 Quality Versus Secure Code
- 1.4 The Three Most Important SDL Security Goals
- 1.5 Threat Modeling and Attack Surface Validation
- 1.6 Chapter Summary—What to Expect from This Book
- References
-
Chapter 2 The Secure Development Lifecycle
- 2.1 Overcoming Challenges in Making Software Secure
- 2.2 Software Security Maturity Models
- 2.3 ISO/IEC 27034—Information Technology—Security Techniques—Application Security
-
2.4 Other Resources for SDL Best Practices
- 2.4.1 SAFECode
- 2.4.2 U.S. Department of Homeland Security Software Assurance Program
- 2.4.3 National Institute of Standards and Technology
- 2.4.4 MITRE Corporation Common Computer Vulnerabilities and Exposures
- 2.4.5 SANS Institute Top Cyber Security Risks
- 2.4.6 U.S. Department of Defense Cyber Security and Information Systems Information Analysis Center (CSIAC)
- 2.4.7 CERT, Bugtraq, and SecurityFocus
- 2.5 Critical Tools and Talent
- 2.6 Principles of Least Privilege
- 2.7 Privacy
- 2.8 The Importance of Metrics
- 2.9 Mapping the Security Development Lifecycle to the Software Development Lifecycle
- 2.10 Software Development Methodologies
- 2.3 Chapter Summary
- References
- Chapter 3 Security Assessment (A1): SDL Activities and Best Practices
- Chapter 4 Architecture (A2): SDL Activities and Best Practices
- Chapter 5 Design and Development (A3): SDL Activities and Best Practices
- Chapter 6 Design and Development (A4): SDL Activities and Best Practices
- Chapter 7 Ship (A5): SDL Activities and Best Practices
-
Chapter 8 Post-Release Support (PRSA1–5)
- 8.1 Right-Sizing Your Software Security Group
- 8.2 PRSA1: External Vulnerability Disclosure Response
- 8.3 PRSA2: Third-Party Reviews
- 8.4 PRSA3: Post-Release Certifications
- 8.5 PRSA4: Internal Review for New Product Combinations or Cloud Deployments
- 8.6 PRSA5: Security Architectural Reviews and Tool-Based Assessments of Current, Legacy, and M&A Products and Solutions
- 8.7 Key Success Factors
- 8.8 Deliverables
- 8.9 Metrics
- 8.10 Chapter Summary
- References
-
Chapter 9 Applying the SDL Framework to the Real World
- 9.0 Introduction
- 9.1 Build Software Securely
- 9.2 Determining the Right Activities for Each Project
- 9.3 Architecture and Design
- 9.4 Testing
- 9.5 Agile: Sprints
-
9.6 Key Success Factors and Metrics
- 9.6.1 Secure Coding Training Program
- 9.6.2 Secure Coding Frameworks (APIs)
- 9.6.3 Manual Code Review
- 9.6.4 Independent Code Review and Testing (by Experts or Third Parties)
- 9.6.5 Static Analysis
- 9.6.6 Risk Assessment Methodology
- 9.6.7 Integration of SDL with SDLC
- 9.6.8 Development of Architecture Talent
- 9.7 Metrics
- 9.8 Chapter Summary
- References
-
Chapter 10 Pulling It All Together: Using the SDL to Prevent Real-World Threats
- 10.1 Strategic, Tactical, and User-Specific Software Attacks
- 10.2 Overcoming Organizational and Business Challenges with a Properly Designed, Managed, and Focused SDL
- 10.3 Software Security Organizational Realities and Leverage
- 10.4 Overcoming SDL Audit and Regulatory Challenges with Proper Governance Management
- 10.5 Future Predications for Software Security
- 10.6 Conclusion
- References
- Appendix
- Index
Product information
- Title: Core Software Security
- Author(s):
- Release date: October 2018
- Publisher(s): Auerbach Publications
- ISBN: 9780429623646
You might also like
book
Software Security: Building Security In
"When it comes to software security, the devil is in the details. This book tackles the …
book
Cyber Security and Network Security
CYBER SECUTIRY AND NETWORK SECURITY Written and edited by a team of experts in the field, …
book
Practical Internet of Things Security - Second Edition
A practical, indispensable security guide that will navigate you through the complex realm of securely building …
book
Application Security Program Handbook
Stop dangerous threats and secure your vulnerabilities without slowing down delivery. This practical book is a …