SOFTWARE QUALITY BOOK EXCERPTS
Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead
05.20.2008
Rating: --- (out of 5)
As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 3 of Software Security Engineering: A Guide for Project Managers written by Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead and published by Addison-Wesley Professional. "Requirements Engineering for Secure Software" discusses systematic approaches to security requirements. These approaches take into account the perspective of the potential attacker, through which much greater security coverage is attained.
Book description:
Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.
Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) website. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development lifecycle (SDLC). The book's expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.
This book will help you understand why:
- Software security is about more than just eliminating vulnerabilities and conducting penetration tests.
- Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks.
- Software security initiatives should follow a risk-management approach to identify priorities and to define what is "good enough" -- understanding that software security risks will change throughout the SDLC.
- Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack.
>> Read Chapter 3: Requirements Engineering for Secure Software.
>> Buy the book
This chapter is excerpted from the book, Software Security Engineering: A Guide for Project Managers, authored by Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead, published by Addison-Wesley Professional, May 2008. This book is part of both The SEI Series in Software Engineering and The Addison-Wesley Software Security Series. ISBN 9780321509178. For more information please visit SafariBooksOnline.com.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSoftwareQuality.com.
Register now
to start rating these tips. Log in if you are already a member.
|
 |
 |
| |
RELATED CONTENT
 |
Software Quality Book Excerpts |
|
Clean Code: A Handbook of Agile Software Craftsmanship, Chapter 1 -- What Is Clean Code?
|
|
The Software Project Manager's Bridge to Agility: Chapter 5, Scope Management
|
|
Requirements Management Using IBM Rational RequisitePro: Chapter 1, Requirements Management
|
|
Implementing ITIL Configuration Management: Chapter 3, Determining Scope, Span and Granularity
|
|
Agile Software Development: The Cooperative Game, 2nd Edition -- Chapter 3, Communicating, Cooperating Teams
|
|
Inherent Quality Simplicity, Section V: The Evolution
|
|
Managing the Test People, Chapter 6: Keeping Your Beast Effective
|
|
Mastering the Requirements Process, 2nd Edition: Chapter 2, The Requirements Process
|
|
Outside-in Software Development: A Practical Approach to Building Successful Stakeholder-based Products -- Chapter 1, Introducing Outside-in Development
|
|
Geekonomics: The Real Cost of Insecure Software -- Chapter 1, The Foundation of Civilization
|
|
Application Security Book Excerpts |
|
Fuzzing for Software Security Testing and Quality Assurance: Chapter 3, Testing for Quality
|
|
InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
|
|
Google Hacking for Penetration Testers, Volume 2: Chapter 6, Locating Exploits and Finding Targets
|
|
Ajax Security -- Chapter 6, Transparency in Ajax Applications
|
|
Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks
|
|
Cross Site Scripting Attacks: XSS Exploits and Defense -- Chapter 5, Advanced XSS Attack Vectors
|
|
Static Analysis as Part of the Code Review Process -- Chapter 3, Secure Programming with Static Analysis
|
|
Security Metrics: Replacing Fear, Uncertainty, and Doubt -- Chapter 3, Application Security Metrics
|
|
Forms Authentication -- Chapter 5, Professional ASP.NET 2.0 Security, Membership, and Role Management
|
|
Securing JavaServer Faces Applications -- Chapter 15, JavaServer Faces: The Complete Reference
|
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
