Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.

Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.

This book will help you understand why

    * Software security is about more than just eliminating vulnerabilities and conducting penetration tests
    * Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks
    * Software security initiatives should follow a risk-management approach to identify priorities and what is "good enough"—understanding that software security risks will change throughout the SDLC
    * Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack

Whether you are a project manager, lead requirements analyst, software architect, or systems integrator, you will learn how to manage the development of secure, software-intensive systems. You’ll also come away with the tools you need to identify and compare potential new practices that can be adapted to augment your current practices.
You would..
Share
Related Documents
  1. [Ebook] Exploiting Software How to Break Code (2692)
  2. @RISK : Computer Security News/Newsletters (858)
  3. Qualys Newsletter : Security Testing Newsletter (868)
  4. Effective Workflow for Fixing Network Vulnerabilities and Policy Compliance (559)
  5. The Art of Software Security Testing (815)
  6. Using JTest for Security Testing (1875)
  7. Software Security with Static Code Analysis Using CAT.NET (Level 200) (549)
  8. Microsoft Security Development Lifecycle (SDL) (660)
  9. Uncover Software Security Vulnerabilities Off the Beaten Path (481)
  10. Software Security Testing Whitepapers and Demos (642)
  11. Modern Web Application Attacks (546)
  12. [Free] x5s : XSS security testing assistant tool (1734)
  13. Web Security Testing Glossary (1652)
  14. Types of Web Security Testing? (1054)
  15. [Paid] Cenzic Hailstorm :Tests Website Security (2973)
  16. [Free] Exploit-Me : Web application security testing tools (2766)
  17. Introduction To Security Testing (1836)
  18. Testing Database Security (2262)
  19. Security Focus : Newsletter Archive (1342)
  20. Mobile Application Testing (893)