Computer security: theory, process and management
Journal of Computing Sciences in Colleges
Inside the Windows Security Push
IEEE Security and Privacy
From the Ground Up: The DIMACS Software Security Workshop
IEEE Security and Privacy
Software Security Checklist for the Software Life Cycle
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Things they would not teach me of in college: what Microsoft developers learn later
OOPSLA '03 Companion of the 18th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Methods for the prevention, detection and removal of software security vulnerabilities
ACM-SE 42 Proceedings of the 42nd annual Southeast regional conference
Security in embedded systems: Design challenges
ACM Transactions on Embedded Computing Systems (TECS)
Guest Editors' Introduction: Why Attacking Systems Is a Good Idea
IEEE Security and Privacy
Risk Analysis in Software Design
IEEE Security and Privacy
Building More Secure Software with Improved Development Processes
IEEE Security and Privacy
Queue - Quality Assurance
Application Penetration Testing
IEEE Security and Privacy
Secure Embedded Processing through Hardware-Assisted Run-Time Monitoring
Proceedings of the conference on Design, Automation and Test in Europe - Volume 1
Using regular expressions in Java
Journal of Computing Sciences in Colleges
SQL DOM: compile time checking of dynamic SQL statements
Proceedings of the 27th international conference on Software engineering
Software engineering for secure systems
Proceedings of the 27th international conference on Software engineering
Rules of thumb for secure software engineering
Proceedings of the 27th international conference on Software engineering
Attacking information visualization system usability overloading and deceiving the human
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Secure Software Development by Example
IEEE Security and Privacy
Toward an Automated Attack Model for Red Teams
IEEE Security and Privacy
A Portal for Software Security
IEEE Security and Privacy
Enhancing security through hardware-assisted run-time validation of program data properties
CODES+ISSS '05 Proceedings of the 3rd IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis
SECA: security-enhanced communication architecture
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems
Web-based interactive courseware for information security
Proceedings of the 6th conference on Information technology education
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
A threat-driven approach to modeling and verifying secure software
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Install-Time Vaccination of Windows Executables to Defend against Stack Smashing Attacks
IEEE Transactions on Dependable and Secure Computing
Preventing SQL injection attacks using AMNESIA
Proceedings of the 28th international conference on Software engineering
Software engineering for secure systems
Proceedings of the 28th international conference on Software engineering
Towards a structured unified process for software security
Proceedings of the 2006 international workshop on Software engineering for secure systems
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Security trumps efficiency: putting it into the curriculum
Journal of Computing Sciences in Colleges
Secure software engineering teaching modules
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
Using CP-nets as a guide for countermeasure selection
Proceedings of the 2007 ACM symposium on Applied computing
Stakeholder Value Driven Threat Modeling for Off the Shelf Based Systems
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Fine-grained access control to web databases
Proceedings of the 12th ACM symposium on Access control models and technologies
On the Secure Software Development Process: CLASP and SDL Compared
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
A Threat Model Driven Approach for Security Testing
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Finding what's not there: a new approach to revealing neglected conditions in software
Proceedings of the 2007 international symposium on Software testing and analysis
Cryptanalysis of the windows random number generator
Proceedings of the 14th ACM conference on Computer and communications security
Architectural support for run-time validation of program data properties
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Experience report on using object-oriented design for software maintenance
Journal of Software Maintenance and Evolution: Research and Practice
Flow-insensitive static analysis for detecting integer anomalies in programs
SE'07 Proceedings of the 25th conference on IASTED International Multi-Conference: Software Engineering
TFTP vulnerability finding technique based on fuzzing
Computer Communications
A Probabilistic Method to Estimate Life Expectancy of Application Software
ISNN '08 Proceedings of the 5th international symposium on Neural Networks: Advances in Neural Networks
A High-level Aspect-oriented-based Framework for Software Security Hardening
Information Security Journal: A Global Perspective
Guidelines for secure software development
Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology
Insecure context switching: inoculating regular expressions for survivability
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
Instruction-level countermeasures against stack-based buffer overflow attacks
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Security-By-Contract for the Future Internet
Future Internet --- FIS 2008
Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
On the secure software development process: CLASP, SDL and Touchpoints compared
Information and Software Technology
Hardware-assisted run-time monitoring for secure program execution on embedded processors
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Cryptanalysis of the random number generator of the Windows operating system
ACM Transactions on Information and System Security (TISSEC)
Integrating security-related coding techniques into programming practice
SEA '07 Proceedings of the 11th IASTED International Conference on Software Engineering and Applications
Rule-based auditing system for software security assurance
ICUFN'09 Proceedings of the first international conference on Ubiquitous and future networks
KES '09 Proceedings of the 13th International Conference on Knowledge-Based and Intelligent Information and Engineering Systems: Part II
Moving from Requirements to Design Confronting Security Issues: A Case Study
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Teaching federated identity in computer and information science
Journal of Computing Sciences in Colleges
Web security patterns for analysis and design
Proceedings of the 15th Conference on Pattern Languages of Programs
Strategic games on defense trees
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Prevention of cross-site scripting attacks on current web applications
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Towards tamper resistant code encryption: practice and experience
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
IT security analysis best practices and formal approaches
Foundations of security analysis and design IV
Using implied scenarios in security testing
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
A heuristic-based approach for detecting SQL-injection vulnerabilities in web applications
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Extending applications using an advanced approach to DLL injection and API hooking
Software—Practice & Experience
ICACT'10 Proceedings of the 12th international conference on Advanced communication technology
Analyzing uncertainty in TG protection graphs with TG/MC
Journal of Computer Security
Analyzing security architectures
Proceedings of the IEEE/ACM international conference on Automated software engineering
Perturbation-based user-input-validation testing of web applications
Journal of Systems and Software
Secure applications without secure infrastructures
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
System Assurance: Beyond Detecting Vulnerabilities
System Assurance: Beyond Detecting Vulnerabilities
Security issues of a phasor data concentrator for smart grid infrastructure
EWDC '11 Proceedings of the 13th European Workshop on Dependable Computing
Towards benchmarking the trustworthiness of web applications code
EWDC '11 Proceedings of the 13th European Workshop on Dependable Computing
Addressing software application security issues
ICCOMP'06 Proceedings of the 10th WSEAS international conference on Computers
Code-motion for API migration: fixing SQL injection vulnerabilities in Java
Proceedings of the 4th Workshop on Refactoring Tools
XICE windowing toolkit: Seamless display annexation
ACM Transactions on Computer-Human Interaction (TOCHI)
Modeling security attacks with statecharts
Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
Practical elimination of external interaction vulnerabilities in web applications
Journal of Web Engineering
Layered security architecture for threat management using multi-agent system
ACM SIGSOFT Software Engineering Notes
Using static analysis tools to detect and correct non-compliant cryptography
ACM SIGSOFT Software Engineering Notes
Software security for small development teams: a case study
Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services
Building security requirements using state transition diagram at security threat location
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Data slicing: separating the heap into independent regions
CC'05 Proceedings of the 14th international conference on Compiler Construction
The essence of data access in Cω: the power is in the dot!
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Quantitative evaluation of systems with security patterns using a fuzzy approach
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
A survey on detection techniques to prevent cross-site scripting attacks on current web applications
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Prioritizing countermeasures through the countermeasure method for software security (CM-Sec)
PROFES'10 Proceedings of the 11th international conference on Product-Focused Software Process Improvement
Security best practices: applying defense-in-depth strategy to protect the NGI_PL
Building a National Distributed e-Infrastructure - PL-Grid
A System-Aware Cyber Security architecture
Systems Engineering
Privacy-aware shared UI toolkit for nomadic environments
Software—Practice & Experience
Defence-In-Depth: Application firewalls in a defence-in-depth design
Network Security
VoIP Security: Securing IP telephony systems - best practices
Network Security
An improved secure code encryption approach based on indexed table
Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Mitigating multi-threats optimally in proactive threat management
ACM SIGSOFT Software Engineering Notes
P3ERS: Privacy-Preserving PEer Review System
Transactions on Data Privacy
Interactive support for secure programming education
Proceeding of the 44th ACM technical symposium on Computer science education
deDacota: toward preventing server-side XSS via automatic code and data separation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Preventing malicious data harvesting from deallocated memory areas
Proceedings of the 6th International Conference on Security of Information and Networks
From the Publisher: Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process, from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Short, easily digested chapters reveal proven principles, strategies, and coding techniques. The authors, two battle-scarred veterans who have solved some of the industry's toughest security problems, provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft® .NET security, and Microsoft ActiveX® development, plus practical checklists for developers, testers, and program managers.