This is the Mobipocket version of the print
book.
"When it comes to software security, the
devil is in the details. This book tackles the details."
--Bruce Schneier, CTO and founder, Counterpane, and author of
Beyond Fear and Secrets and Lies
"McGraw's book shows you how to make the
'culture of security' part of your development
lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor
"McGraw is leading the charge in
software security. His advice is as straightforward as it is
actionable. If your business relies on software (and whose
doesn't), buy this book and post it up on the lunchroom
wall."
--Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns
Hopkins University; and coauthor of Firewalls and Internet
Security
Beginning where the best-selling book
Building Secure Software left off, Software
Security teaches you how to put software security
into practice.The software security best practices, or touchpoints,
described in this book have their basis in good software
engineering and involve explicitly pondering security throughout
the software development lifecycle. This means knowing and
understanding common risks (including implementation bugsand
architectural flaws), designing for security, and subjecting all
software artifacts to thorough, objective risk analyses and
testing.
Software Security
is about putting the touchpoints to work for you. Because you can
apply these touchpoints to the software artifacts you already
produce as you develop software, you can adopt this book's methods
without radically changing the way you work. Inside you'll find
detailed explanations of
- Risk management frameworks and processes
- Code review using static analysis tools
- Architectural risk analysis
- Penetration testing
- Security testing
- Abuse case development
In addition to the touchpoints,
Software Security covers knowledge
management, training and awareness, and enterprise-level software
security programs.
Now that the world agrees that software
security is central to computer security, it is time to put
philosophy into practice. Create your own secure development
lifecycle by enhancing your existing software development lifecycle
with the touchpoints described in this book. Let this expert author
show you how to build more secure software by building security
in.