Software Security Engineering: A Guide for Project Managers

by Julia H. Allen; Sean Barnum; Robert J. Ellison; Gary McGraw; Nancy R. Mead
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2008-05-01
  • Publisher: Addison-Wesley Professional

"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle." Steve Riley, senior security strategist, Microsoft Corporation

"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one." Ronda Henning, senior scientist-software/security queen, Harris Corporation

Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.

Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book's expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.
This book will help you understand why:
  • Software security is about more than just eliminating vulnerabilities and conducting penetration tests
  • Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks
  • Software security initiatives should follow a risk-management approach to identify priorities and to define what is "good enough," understanding that software security risks will change throughout the SDLC
  • Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack

Author Biography

Julia H. Allen, a senior researcher within the CERT Program at the SEI, is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley, 2001).

Sean Barnum is a principal consultant at Cigital and technical lead for their federal services practice.

Robert J. Ellison, Ph.D., is a senior researcher within the CERT Program at the SEI.

Gary McGraw, Ph.D., is the CTO of Cigital and the author of seven best-selling books, including Software Security (Addison-Wesley, 2006).

Nancy R. Mead, Ph.D., is a senior researcher within the CERT Program at the SEI, and is also a faculty member at Carnegie Mellon University.

Table of Contents

Foreword (p. xi)
Preface (p. xiii)
About the Authors (p. xxiii)
Why Is Security a Software Issue? (p. 1)
  Introduction (p. 1)
  The Problem (p. 2)
  System Complexity: The Context within Which Software Lives (p. 5)
  Software Assurance and Software Security (p. 6)
  The Role of Processes and Practices in Software Security (p. 8)
  Threats to Software Security (p. 9)
  Sources of Software Insecurity (p. 11)
  The Benefits of Detecting Software Security Defects Early (p. 13)
  Making the Business Case for Software Security: Current State (p. 17)
  Managing Secure Software Development (p. 18)
  Which Security Strategy Questions Should I Ask? (p. 18)
  A Risk Management Framework for Software Security (p. 20)
  Software Security Practices in the Development Life Cycle (p. 20)
  Summary (p. 23)
What Makes Software Secure? (p. 25)
  Introduction (p. 25)
  Defining Properties of Secure Software (p. 26)
  Core Properties of Secure Software (p. 26)
  Influential Properties of Secure Software (p. 28)
  How to Influence the Security Properties of Software (p. 36)
  The Defensive Perspective (p. 37)
  The Attacker's Perspective (p. 43)
  How to Assert and Specify Desired Security Properties (p. 61)
  Building a Security Assurance Case (p. 62)
  A Security Assurance Case Example (p. 63)
  Incorporating Assurance Cases into the SDLC (p. 67)
  Related Security Assurance and Compliance Efforts (p. 68)
  Maintaining and Benefitting from Assurance Cases (p. 69)
  Summary (p. 71)
Requirements Engineering for Secure Software (p. 73)
  Introduction (p. 73)
  The Importance of Requirements Engineering (p. 74)
  Quality Requirements (p. 75)
  Security Requirements Engineering (p. 76)
  Misuse and Abuse Cases (p. 78)
  Security Is Not a Set of Features (p. 79)
  Thinking About What You Can't Do (p. 80)
  Creating Useful Misuse Cases (p. 81)
  An Abuse Case Example (p. 82)
  The SQUARE Process Model (p. 84)
  A Brief Description of SQUARE (p. 88)
  Tools (p. 90)
  Expected Results (p. 90)
  SQUARE Sample Outputs (p. 91)
  Output from SQUARE Steps (p. 92)
  SQUARE Final Results (p. 99)
  Requirements Elicitation (p. 99)
  Overview of Several Elicitation Methods (p. 100)
  Elicitation Evaluation Criteria (p. 103)
  Requirements Prioritization (p. 106)
  Identify Candidate Prioritization Methods (p. 106)
  Prioritization Technique Comparison (p. 110)
  Recommendations for Requirements Prioritization (p. 111)
  Summary (p. 112)
Secure Software Architecture and Design (p. 115)
  Introduction (p. 115)
  The Critical Role of Architecture and Design (p. 115)
  Issues and Challenges (p. 117)
  Software Security Practices for Architecture and Design: Architectural Risk Analysis (p. 119)
  Software Characterization (p. 120)
  Threat Analysis (p. 123)
  Architectural Vulnerability Assessment (p. 126)
  Risk Likelihood Determination (p. 130)
  Risk Impact Determination (p. 132)
  Risk Mitigation Planning (p. 134)
  Recapping Architectural Risk Analysis (p. 136)
  Software Security Knowledge for Architecture and Design: Security Principles, Security Guidelines, and Attack Patterns (p. 137)
  Security Principles (p. 137)
  Security Guidelines (p. 143)
  Attack Patterns (p. 147)
  Summary (p. 148)
Considerations for Secure Coding and Testing (p. 151)
  Introduction (p. 151)
  Code Analysis (p. 152)
  Common Software Code Vulnerabilities (p. 153)
  Source Code Review (p. 156)
  Coding Practices (p. 160)
  Sources of Additional Information on Secure Coding (p. 161)
  Software Security Testing (p. 163)
  Contrasting Software Testing and Software Security Testing (p. 165)
  Functional Testing (p. 167)
  Risk-Based Testing (p. 169)
  Security Testing Considerations Throughout the SDLC (p. 173)
  Unit Testing (p. 174)
  Testing Libraries and Executable Files (p. 175)
  Integration Testing (p. 176)
  System Testing (p. 176)
  Sources of Additional Information on Software Security Testing (p. 179)
  Summary (p. 180)
Security and Complexity: System Assembly Challenges (p. 183)
  Introduction (p. 183)
  Security Failures (p. 186)
  Categories of Errors (p. 187)
  Attacker Behavior (p. 188)
  Functional and Attacker Perspectives for Security Analysis: Two Examples (p. 189)
  Web Services: Functional Perspective (p. 190)
  Web Services: Attacker's Perspective (p. 192)
  Identity Management: Functional Perspective (p. 196)
  Identity Management: Attacker's Perspective (p. 198)
  Identity Management and Software Development (p. 201)
  System Complexity Drivers and Security (p. 203)
  Wider Spectrum of Failures (p. 205)
  Incremental and Evolutionary Development (p. 212)
  Conflicting or Changing Goals Complexity (p. 213)
  Deep Technical Problem Complexity (p. 215)
  Summary (p. 217)
Governance, and Managing for More Secure Software (p. 221)
  Introduction (p. 221)
  Governance and Security (p. 223)
  Definitions of Security Governance (p. 223)
  Characteristics of Effective Security Governance and Management (p. 224)
  Adopting an Enterprise Software Security Framework (p. 226)
  Common Pitfalls (p. 227)
  Framing the Solution (p. 230)
  Define a Roadmap (p. 235)
  How Much Security Is Enough? (p. 236)
  Defining Adequate Security (p. 236)
  A Risk Management Framework for Software Security (p. 238)
  Security and Project Management (p. 244)
  Project Scope (p. 245)
  Project Plan (p. 246)
  Resources (p. 250)
  Estimating the Nature and Duration of Required Resources (p. 251)
  Project and Product Risks (p. 253)
  Measuring Software Security (p. 254)
  Maturity of Practice (p. 259)
  Protecting Information (p. 259)
  Audit's Role (p. 260)
  Operational Resilience and Convergence (p. 261)
  A Legal View (p. 263)
  A Software Engineering View (p. 263)
  Exemplars (p. 265)
  Summary (p. 266)
Getting Started (p. 267)
  Where to Begin (p. 269)
  In Closing (p. 281)
Glossary (p. 283)
References (p. 291)
Build Security In Web Site References (p. 311)
Index (p. 317)
Table of Contents provided by Ingram. All Rights Reserved.


The Problem Addressed by This Book

Software is ubiquitous. Many of the products, services, and processes that organizations use and offer are highly dependent on software to handle the sensitive and high-value data on which people's privacy, livelihoods, and very lives depend. For instance, national security (and by extension citizens' personal safety) relies on increasingly complex, interconnected, software-intensive information systems that, in many cases, use the Internet or Internet-exposed private networks as their means for communication and transporting data.

This ubiquitous dependence on information technology makes software security a key element of business continuity, disaster recovery, incident response, and national security. Software vulnerabilities can jeopardize intellectual property, consumer trust, business operations and services, and a broad spectrum of critical applications and infrastructures, including everything from process control systems to commercial application products.

The integrity of critical digital assets (systems, networks, applications, and information) depends on the reliability and security of the software that enables and controls those assets. However, business leaders and informed consumers have growing concerns about the scarcity of practitioners with the requisite competencies to address software security [Carey 2006]. Specifically, they have doubts about suppliers' capabilities to build and deliver secure software that they can use with confidence and without fear of compromise. Application software is the primary gateway to sensitive information. According to a Deloitte survey of 169 major global financial institutions, titled 2007 Global Security Survey: The Shifting Security Paradigm [Deloitte 2007], current application software countermeasures are no longer adequate. In the survey, Gartner identifies application security as the number one issue for chief information officers (CIOs).

The absence of security discipline in today's software development practices often produces software with exploitable weaknesses. Security-enhanced processes and practices, and the skilled people to manage and perform them, are required to build software that can be trusted to operate more securely than software being used today.

That said, there is an economic counter-argument, or at least the perception of one: some business leaders and project managers believe that developing secure software slows the software development process and adds to the cost while not offering any apparent advantage. In many cases, when the decision reduces to "ship now" or "be secure and ship later," "ship now" is almost always the choice made by those who control the money but have no idea of the risks. The opposite side of this argument, including how software security can potentially reduce cost and schedule, is discussed in Chapter 1 (Section 1.6, "The Benefits of Detecting Software Security Defects Early") and Chapter 7 (Section 7.5.3, in the "Knowledge and Expertise" subsection discussing Microsoft's experience with its Security Development Lifecycle) in this book.

Software's Vulnerability to Attack

The number of threats specifically targeting software is increasing, and the majority of network- and system-level attacks now exploit vulnerabilities in application-level software. According to CERT analysts at Carnegie Mellon University,[1] most successful attacks result from targeting and exploiting known, unpatched software vulnerabilities and insecure software configurations, a significant number of which are introduced during software design and development. These conditions contribute to the increased risks associated with software-enabled ca
