A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
Attack net penetration testing
Proceedings of the 2000 workshop on New security paradigms
Proceedings of the 2002 ACM symposium on Applied computing
Writing Secure Code
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Software vulnerability analysis
Software vulnerability analysis
Using build-integrated static checking to preserve correctness invariants
Proceedings of the 11th ACM conference on Computer and communications security
Matching attack patterns to security vulnerabilities in software-intensive system designs
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Software Security: Building Security In
Software Security: Building Security In
Building Secure Software: How to Avoid Security Problems the Right Way (paperback) (Addison-Wesley Professional Computing Series)
Hi-index | 0.00 |
Retrofitting security implementations to a released software-intensive system or to a system under development may require significant architectural or coding changes. These late changes can be difficult and more costly than if performed early in the software process. We have created regular expression-based attack patterns that show the sequential events that occur during an attack. By performing a Security Analysis for Existing Threats (SAFE-T), software engineers can match the symbols of a regular expression to their system design. An architectural analysis that identifies security vulnerabilities early in the software process can prepare software engineers for which security implementations are necessary when coding starts. A case study involving students in an upper-level undergraduate security course suggests that SAFE-T can be performed by relatively inexperienced engineers who are not experts in security. Data from the case study also suggest that the attack patterns do not restrict themselves to vulnerabilities in specific environments.