Software Security and SOA: Danger, Will Robinson!
IEEE Security and Privacy
Towards agile security in web applications
Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications
Using model-based security analysis in component-oriented system development
Proceedings of the 2nd ACM workshop on Quality of protection
Teaching software security with threat modeling: conference workshop
Journal of Computing Sciences in Colleges
On the design of more secure software-intensive systems by use of attack patterns
Information and Software Technology
Secure software engineering teaching modules
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
On the Secure Software Development Process: CLASP and SDL Compared
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Security testing with Selenium
Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion
Effect of static analysis tools on software security: preliminary investigation
Proceedings of the 2007 ACM workshop on Quality of protection
Quantitative software security risk assessment model
Proceedings of the 2007 ACM workshop on Quality of protection
Executable misuse cases for modeling security concerns
Proceedings of the 30th international conference on Software engineering
Proposing SQL statement coverage metrics
Proceedings of the fourth international workshop on Software engineering for secure systems
Security metrics for source code structures
Proceedings of the fourth international workshop on Software engineering for secure systems
Why is Security a Software Issue?
The EDP Audit, Control, and Security Newsletter
An empirical model to predict security vulnerabilities using code complexity metrics
Proceedings of the Second ACM-IEEE international symposium on Empirical software engineering and measurement
Integrating web application security into the IT curriculum
SIGITE '08 Proceedings of the 9th ACM SIGITE conference on Information technology education
Is complexity really the enemy of software security?
Proceedings of the 4th ACM workshop on Quality of protection
Proceedings of the 4th ACM workshop on Quality of protection
Communications of the ACM - Security in the Browser
Secure Software Engineering: Learning from the Past to Address Future Challenges
Information Security Journal: A Global Perspective
A model-based aspect-oriented framework for building intrusion-aware software systems
Information and Software Technology
A security-aware metamodel for multi-agent systems (MAS)
Information and Software Technology
Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Training ≠ education: putting secure software engineering back in the classroom
Proceedings of the 14th Western Canadian Conference on Computing Education
On the secure software development process: CLASP, SDL and Touchpoints compared
Information and Software Technology
Software security analysis and assessment model for the web-based applications
Journal of Computational Methods in Sciences and Engineering
Data classification process for security and privacy based on a fuzzy logic classifier
International Journal of Electronic Finance
KES '09 Proceedings of the 13th International Conference on Knowledge-Based and Intelligent Information and Engineering Systems: Part II
Moving from Requirements to Design Confronting Security Issues: A Case Study
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Internet-voting: opportunity or threat for democracy?
VOTE-ID'07 Proceedings of the 1st international conference on E-voting and identity
IT security analysis best practices and formal approaches
Foundations of security analysis and design IV
Towards improved security criteria for certification of electronic health record systems
Proceedings of the 2010 ICSE Workshop on Software Engineering in Health Care
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Strengthening the empirical analysis of the relationship between Linus' Law and software security
Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement
The benefit of the CSSLP certification for educators and professionals
Journal of Computing Sciences in Colleges
Proceedings of the second annual workshop on Security and privacy in medical and home-care systems
Proceedings of the 1st ACM International Health Informatics Symposium
An automatic approach to aid process integration within a secure software processes family
ICSP'10 Proceedings of the 2010 international conference on New modeling concepts for today's software processes: software process
Controlling security of software development with multi-agent system
KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part IV
Software security aspects of Java-based mobile phones
Proceedings of the 2011 ACM Symposium on Applied Computing
Transactions on computational science XI
Agile development with security engineering activities
Proceedings of the 2011 International Conference on Software and Systems Process
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Discovering Multidimensional Correlations among Regulatory Requirements to Understand Risk
ACM Transactions on Software Engineering and Methodology (TOSEM)
Layered security architecture for threat management using multi-agent system
ACM SIGSOFT Software Engineering Notes
Idea: towards architecture-centric security analysis of software
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Idea: reusability of threat models – two approaches with an experimental evaluation
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Idea: using system level testing for revealing SQL injection-related error message information leaks
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Prioritizing countermeasures through the countermeasure method for software security (CM-Sec)
PROFES'10 Proceedings of the 11th international conference on Product-Focused Software Process Improvement
Ask WINE: are we safer today? evaluating operating system security through big data analysis
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Mathematical and Computer Modelling: An International Journal
Scanning: Network discovery and its security applications
Network Security
Managing the investment in information security technology by use of a quantitative modeling
Information Processing and Management: an International Journal
Mitigating multi-threats optimally in proactive threat management
ACM SIGSOFT Software Engineering Notes
Improving software security using search-based refactoring
SSBSE'12 Proceedings of the 4th international conference on Search Based Software Engineering
Model-driven architectural risk analysis using architectural and contextualised attack patterns
Proceedings of the Workshop on Model-Driven Security
International Journal of Electronic Government Research
A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
International Journal of Information Security and Privacy
Knowledge of IT Project Success and Failure Factors: Towards an Integration into the SDLC
International Journal of Information Technology Project Management
Agile Software Development: The Straight and Narrow Path to Secure Software?
International Journal of Secure Software Engineering
Building Secure Software Using XP
International Journal of Secure Software Engineering
Idea: writing secure c programs with secprove
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Generic modelling of security awareness in agent based systems
Information Sciences: an International Journal
OSDC: adapting ODC for developing more secure software
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Automated software architecture security risk analysis using formalized signatures
Proceedings of the 2013 International Conference on Software Engineering
Vulnerability of the day: concrete demonstrations for software engineering undergraduates
Proceedings of the 2013 International Conference on Software Engineering
Countermeasure graphs for software security risk assessment: An action research
Journal of Systems and Software
Preventing malicious data harvesting from deallocated memory areas
Proceedings of the 6th International Conference on Security of Information and Networks
Teaching secure coding for beginning programmers
Journal of Computing Sciences in Colleges
This is the Mobipocket version of the print book.

"When it comes to software security, the devil is in the details. This book tackles the details." --Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies

"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle." --Howard A. Schmidt, Former White House Cyber Security Advisor

"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall." --Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security

Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.

The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugs and architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.

Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work.

Inside you'll find detailed explanations of: risk management frameworks and processes; code review using static analysis tools; architectural risk analysis; penetration testing; security testing; and abuse case development.

In addition to the touchpoints, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs.

Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.