Название: Secure Software Systems: Design and Development Автор: Erik Fretheim, Marie Deschene Издательство: Jones & Bartlett Learning Год: 2023 Страниц: 658 Язык: английский Формат: epub Размер: 19.9 MB
Secure Software Systems presents an approach to secure software systems design and development that tightly integrates security and systems design and development (or software engineering) together. It addresses the software development process from the perspective of a security practitioner. The text focuses on the processes, concepts, and concerns of ensuring that secure practices are followed throughout the secure software systems development life cycle, including the practice of following the life cycle rather than just doing ad hoc development.
The goal of this textbook is to present an approach to secure software systems design and development that tightly integrates security and systems design and development (or software engineering) together. The desire to create the book came from searching for an appropriate textbook for a secure software development course. It quickly became apparent that three types of books were available. The first was a software development/engineering book with a chapter or two of security added at the end. The second was a cybersecurity book with a chapter or two of software development/engineering added at the end. Finally, the third type of book was an A-Z list of all of the potential errors the authors knew about that could be included in a program, with the admonishment “don’t do this.” None of the alternatives presented a systematic approach to applying security while going through the secure software systems development life cycle.
Ultimately every software system is going to be tested. It can be done by jumping to the ultimate crucible of real-world use. Many programmers feel that the quality of the code they produce is such that this is the only test ever needed. These are delusional people doomed to failure. Testing is a critical element of the secure software development life cycle and needs to be included from the start and conducted throughout the process. Testing is the process of verifying and validating that a software system or application meets the intended requirements, performs as expected, and contains no unknown defects, flaws, or errors, and no unmitigated vulnerabilities. Verification is the process of ensuring that the system meets the provided requirements. It answers the question “Did we build it correctly.” Validation is the process of ensuring that the system performs the functions it is intended to perform in an acceptable manner. It answers the question “Did we build what we were supposed to build?” Both verification and validation will be performed throughout the secure development life cycle.
Audience: The material is suitable for undergraduate or graduate computer science majors or information science majors, as well as dedicated cybersecurity and software development programs. This text may also be used at a two-year technical college or community college for students who have a basic technical background or for self-study.
Contents: Preface CHAPTER 1 Secure Software Systems Development CHAPTER 2 Product and Portfolio Management CHAPTER 3 Program and Project Management CHAPTER 4 Process Management CHAPTER 5 Managing the Secure Software Systems Development Life Cycle CHAPTER 6 Security Culture, Responsibility, and Training CHAPTER 7 Requirements and Security Requirements Planning CHAPTER 8 Compliance CHAPTER 9 Quality Management CHAPTER 10 Modeling CHAPTER 11 Architecture CHAPTER 12 Vulnerability and Threat Assessment CHAPTER 13 The Development Environment CHAPTER 14 Configuration Management CHAPTER 15 Testing CHAPTER 16 Product Release and Deployment CHAPTER 17 Operations and Maintenance CHAPTER 18 Retirement or End-of-Life Glossary Index
Secure By Design Название: Secure By Design Автор: Daniel Deogun, Dan Bergh Johnsson, Daniel Sawano Издательство: Manning Publications Год: 2019 Формат: true pdf/epub...