Software Security: Building Security In

by Gary McGraw
  • ISBN13: 9780321356703
  • ISBN10: 0321356705
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2006-01-23
  • Publisher: Addison-Wesley Professional

Summary

Expert author, Gary McGraw, shows how to build more secure software by building security in.

Author Biography

Gary McGraw, Cigital, Inc.'s CTO, is a world authority on software security. Dr. McGraw is coauthor of five best-selling books: Exploiting Software (Addison-Wesley, 2004), Building Secure Software (Addison-Wesley, 2001), Software Fault Injection (Wiley, 1998), Securing Java (Wiley, 1999), and Java Security (Wiley, 1996). His new book, Software Security: Building Security In (Addison-Wesley, 2006), was released in February 2006. As a consultant, Dr. McGraw provides strategic advice to major software producers and consumers. Dr. McGraw has written over ninety peer-reviewed technical publications and functions as principal investigator on grants from DARPA, the National Science Foundation, and NIST's Advanced Technology Program. He serves on the Advisory Boards of Authentica, Counterpane, and Fortify Software, as well as advising the CS Department at UC Davis, the CS Department at UVa, and the School of Informatics at Indiana University. Dr. McGraw holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He is a member of the IEEE Security and Privacy Task Force, and was recently elected to the IEEE Computer Society Board of Governors. He is the producer of the Silver Bullet Security Podcast for IEEE Security & Privacy magazine, writes a monthly column for darkreading.com, and is often quoted in the press.

Table of Contents

Chapter 1: Defining a discipline (p. 3)
Chapter 2: A risk management framework (p. 39)
Chapter 3: Introduction to software security touchpoints (p. 83)
Chapter 4: Code review with a tool (p. 105)
Chapter 5: Architectural risk analysis (p. 139)
Chapter 6: Software penetration testing (p. 171)
Chapter 7: Risk-based security testing (p. 187)
Chapter 8: Abuse cases (p. 205)
Chapter 9: Software security meets security operations (p. 223)
Chapter 10: An enterprise software security program (p. 239)
Chapter 11: Knowledge for software security (p. 259)
Chapter 12: A taxonomy of coding errors (p. 277)
Chapter 13: Annotated bibliography and references (p. 299)
Appendix A: Fortify source code analysis suite tutorial (p. 323)
Appendix B: ITS4 rules (p. 345)
Appendix C: An exercise in risk analysis: Smurfware (p. 385)


Excerpts

Software security has come a long way in the last few years, but we've really only just begun. Software security is the practice of building software to be secure and to function properly under malicious attack. The underlying concepts behind Software Security have developed over almost a decade and were first described in Building Secure Software [Viega and McGraw 2001] and Exploiting Software [Hoglund and McGraw 2004]. This book begins where its predecessors left off, describing in detail how to put software security into practice.

After completing Java Security [McGraw and Felten 1996] and following it up with Securing Java [McGraw and Felten 1999], I began wondering how it was that such excellent designers, engineers, and architects went astray when it came to security. What was it about software that made security such a problem? If you wanted to build secure software, how would you do it? These questions and the perseverance of John Viega led to Building Secure Software.

Building Secure Software (BSS), the white hat book, seems to have touched off a revolution. Security people who once relied solely on firewalls, intrusion detection, and antivirus mechanisms came to understand and embrace the necessity of better software. BSS provides a coherent and sensible philosophical foundation for the blossoming field of software security. Exploiting Software (ES), the black hat book, provides a much-needed balance, teaching how to break software and how malicious hackers write exploits. ES is meant as a reality check for software security, ensuring that the good guys address real attacks and invent and peddle solutions that actually work. The two books are in some sense mirror images. Software Security unifies the two sides of software security--attack and defense, exploiting and designing, breaking and building--into a coherent whole. Like the yin and the yang, software security requires a careful balance.

Who This Book Is For

Software Security is a "how to" book for software security. In most organizations, software security is nobody's job, when software security really should be everyone's job. Hopefully this book will help explain both why this is so and what to do about it.

The number one audience for the book is software security professionals. If your job is to analyze software for security problems, you will find this book filled to the brim with ideas and processes that you can apply today. Software security professionals should seek to use each of the best practices (which I call touchpoints) throughout the software lifecycle, follow a risk management framework, and call on software security knowledge. If you're a software security person, I'm afraid you'll have to read the whole book.

As computer security evolves, the job of security analysis gets more complicated. Computer security professionals will benefit greatly from Chapters 1, 2, and 9. Chapter 1 provides a discussion of the software security problem and can help justify attention to software security. As philosophy in action, the risk management framework of Chapter 2 is directly applicable to computer security, regardless of software. Chapter 9 in particular was written for computer security professionals who may not necessarily know much about software. Turns out there is plenty for operational security people to do to enhance and support software security. We need your help.

Software developers and architects almost always enjoy learning new things. Hopefully, the lessons of Software Security will find their way into many development shops. Software people will probably benefit most from the description of code review and architectural risk analysis in Chapters 4 and 5, as well as the taxonomy of coding errors described in Chapter 12. Of course, all of the best practices described in this book are designed to be directly applicable by those at the
