Secure Software Design

With the multitude of existing attacks that are known to date and the number that will continue to emerge, software security is in a reactive state and many have predicted that it will remain so for the foreseeable future; this book seeks to change that opinion by presenting a practical guide to proactive software security. Secure Software Design is written for the student, the developer, and management to bring a new way of thinking to secure software design. The focus of this book is on analyzing risks, understanding likely points of attack, and pre-deciding how your software will deal with the attack that will inevitably arise. By looking at the systemic threats in any deployment environment and studying the vulnerabilities of your application, this book will show you how to construct software that can deal with attacks both known and unknown instead of waiting for catastrophe and the cleanup efforts of tomorrow. Hands-on examples and simulated cases for the novice and the professional support each chapter by demonstrating the principles presented.

PartPart I Background and Introduction
ChapterChapter 1 Introduction
ChapterChapter 2 Current and Emerging Threats
PartPart II Systemic Threats
ChapterChapter 3 The Network Environment
ChapterChapter 4 The Operating System Environment
ChapterChapter 5 The Database Environment
ChapterChapter 6 Programming Languages
PartPart III Secure Software Design
ChapterChapter 7 Security Requirements Planning
ChapterChapter 8 Vulnerability Mapping
ChapterChapter 9 Development and Implementation
ChapterChapter 10 Application Review and Testing
ChapterChapter 11 Incorporating SSD with the SDLC
PartPart IV Redefining Security
ChapterChapter 12 Personnel Training
ChapterChapter 13 A Culture of Security
PartPart V Advanced Threat Analysis
ChapterChapter 14 Web Application Threats
ChapterChapter 15 Secure Data Management
ChapterChapter 16 Zero Day and Beyond