December 2014
Intermediate to advanced
320 pages
8h 37m
English
book
Enterprise Software Security: A Confluence of Disciplines
by Kenneth R. van Wyk, Mark G. Graff, Dan S. Peters, Diana L. Burley
Overview
STRENGTHEN SOFTWARE SECURITY BY HELPING DEVELOPERS AND SECURITY EXPERTS WORK TOGETHER
Traditional approaches to securing software are inadequate. The solution: Bring software engineering and network security teams together in a new, holistic approach to protecting the entire enterprise. Now, four highly respected security experts explain why this “confluence” is so crucial, and show how to implement it in your organization.
Writing for all software and security practitioners and leaders, they show how software can play a vital, active role in protecting your organization. You’ll learn how to construct software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response in sophisticated new ways. The authors cover the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. They also provide a full chapter of advice specifically for Chief Information Security Officers and other enterprise security executives.
Whatever your software security responsibilities, Enterprise
Software Security delivers indispensable big-picture
guidance–and specific, high-value recommendations you can
apply right now.
COVERAGE INCLUDES:
• Overcoming common obstacles to collaboration between
developers and IT security professionals
• Helping programmers design, write, deploy, and operate more
secure software
• Helping network security engineers use application output
more effectively
• Organizing a software security team before you’ve
even created requirements
• Avoiding the unmanageable complexity and inherent flaws of
layered security
• Implementing positive software design practices and
identifying security defects in existing designs
• Teaming to improve code reviews, clarify attack scenarios
associated with vulnerable code, and validate positive
compliance
• Moving beyond pentesting toward more comprehensive security
testing
• Integrating your new application with your existing
security infrastructure
• “Ruggedizing” DevOps by adding infosec to the
relationship between development and operations
• Protecting application security during maintenance
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.