Book information
· Title : Secure and Resilient Software : Requirements, Test Cases, and Testing Methods (Hardcover)
· Category : Foreign books > Computers > Programming languages > General
· ISBN : 9781439866214
· Pages : 278
· Publication date : 2011-11-10
Table of contents
Introduction
Bad Design Choices Led to the Vulnerable Internet We Know Today
HTTP Has Its Problems, Too
Design Errors Continue Haunting Us Today
Requirements & Design: The Keys to a Successful Software Project
How Design Flaws Play Out
DNS Vulnerability
The London Stock Exchange
Medical Equipment
Airbus A380
Solutions Are In Sight!
Notes
Nonfunctional Requirements (NFRs) in Context
Agree on Definitions
Identify Assets and Security/Quality Goals
Perform Risk Assessments
Elicit Security Requirements
Prioritize Requirements
Characteristics of Good Requirements
Summary
Notes
Resilience and Quality Considerations for Application Software and the Application Runtime Environment
Relationships among Nonfunctional Requirements
Considerations for Developing NFRs for your Applications and Runtime Environment
Checking Your Work
Summary
Notes
Security Requirements for Application Software
Think Like an Attacker
Detailed Security Requirements
Identification Requirements
Authentication Requirements
Authorization Requirements
Security Auditing Requirements
Confidentiality Requirements
Integrity Requirements
Availability Requirements
Nonrepudiation Requirements
Immunity Requirements
Survivability Requirements
Systems Maintenance Security Requirements
Privacy Requirements
Summary
References
Security Services for the Application Operating Environment
Standardizing Tools for an Enterprise Architecture
Security Technical Reference Model (TRM)
Identification and Authentication
System Entry Control
Audit
Access Control
Nonrepudiation
Security Management
Trusted Recovery
Encryption
Trusted Communications
Summary
References
Software Design Considerations for Security and Resilience
Architecture and Design Considerations
Special Security Design Considerations for Payment Applications on Mobile Communications Devices
Designing for Integrity
Architecture and Design Review Checklist
Summary
References
Best Practices for Converting Requirements to Secure Software Designs
Secure Design Approach
Reusable Security APIs/Libraries
Security Frameworks
Establishing and Following Best Practices for Design
Security Requirements
Security Recommendations
What’s an Attack Surface?
What Is Managed Code?
Understanding Business Requirements for Security Design
Summary
References
Security Test Cases
Security Test Cases
Test Cases for Identification Requirements
Test Cases for Authentication Requirements
Test Cases for Authorization Requirements
Test Cases for Security Auditing Requirements
Test Cases for Confidentiality Requirements
Test Cases for Integrity Requirements
Test Cases for Availability Requirements
Test Cases for Nonrepudiation Requirements
Test Cases for Immunity Requirements
Test Cases for Survivability Requirements
Test Cases for Systems Maintenance Security Requirements
Summary
Testing Methods and Best Practices
OWASP’s Application Security Verification Standard (ASVS)
Application Security Verification Levels
Level 1: Automated Verification
Level 2: Manual Verification
Level 3: Design Verification
Level 4: Internal Verification
Security Testing Methods
Manual Source Code Review
Automated Source Code Analysis
Automated Reviews Compared with Manual Reviews
Automated Source Code Analysis Tools: Deployment Strategy
IDE Integration for Developers
Build Integration for Governance
Automated Dynamic Analysis
Limitations of Automated Dynamic Analysis Tools
Automated Dynamic Analysis Tools: Deployment Strategy
Developer Testing
Centralized Quality Assurance Testing
Penetration (Pen) Testing
Gray Box Testing
Summary
References
Connecting the Moving Parts
Security Requirements
Security Requirements: Level 1
Security Requirements: Level 2
Security Requirements: Level 3
Security Testing
Security Testing: Level 1
Security Testing: Level 2
Security Testing: Level 3
Wrap-Up
References
Index