Note: Supplemental materials are not guaranteed with Rental or Used book purchases.
Purchase Benefits
What is included with this book?
Gary McGraw, Cigital, Inc.'s CTO, is a world authority on software security. Dr. McGraw is coauthor of five best selling books: Exploiting Software (Addison-Wesley, 2004), Building Secure Software (Addison-Wesley, 2001), Software Fault Injection (Wiley 1998), Securing Java (Wiley, 1999), and Java Security (Wiley, 1996). His new book, Software Security: Building Security In (Addison-Wesley 2006) was released in February 2006. As a consultant, Dr. McGraw provides strategic advice to major software producers and consumers. Dr. McGraw has written over ninety peer-reviewed technical publications and functions as principal investigator on grants from DARPA, National Science Foundation, and NIST's Advanced Technology Program. He serves on Advisory Boards of Authentica, Counterpane, and Fortify Software, as well as advising the CS Department at UC Davis, the CS Department at UVa, and the School of Informatics at Indiana University. Dr. McGraw holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He is a member of the IEEE Security and Privacy Task Force, and was recently elected to the IEEE Computer Society Board of Governors. He is the producer of the Silver Bullet Security Podcast for IEEE Security & Privacy magazine, writes a monthly column for darkreading.com, and is often quoted in the press.
Defining a discipline | p. 3 |
A risk management framework | p. 39 |
Introduction to software security touchpoints | p. 83 |
Code review with a tool | p. 105 |
Architectural risk analysis | p. 139 |
Software penetration testing | p. 171 |
Risk-based security testing | p. 187 |
Abuse cases | p. 205 |
Software security meets security operations | p. 223 |
An enterprise software security program | p. 239 |
Knowledge for software security | p. 259 |
A taxonomy of coding errors | p. 277 |
Annotated bibliography and references | p. 299 |
Fortify source code analysis suite tutorial | p. 323 |
ITS4 rules | p. 345 |
An exercise in risk analysis : Smurfware | p. 385 |
Table of Contents provided by Blackwell. All Rights Reserved. |
The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.