With the multitude of existing attacks that are known to date and the number that will continue to emerge, software security is in a reactive state and many have predicted that it will remain so for the foreseeable future. This book seeks to change that opinion by presenting a practical guide to proactive software security. Secure Software Design is written for the student, the developer, and management to bring a new way of thinking to secure software design. The focus of this book is on analyzing risks, understanding likely points of attack, and pre-deciding how your software will deal with the attack that will inevitably arise. By looking at the systemic threats in any deployment environment and studying the vulnerabilities of your application, this book will show you how to construct software that can deal with attacks both known and unknown instead of waiting for catastrophe and the cleanup efforts of tomorrow. Hands-on examples and simulated cases for the novice and the professional support each chapter by demonstrating the principles presented.
Features & Benefits
- A comprehensive case project, mapped with examples, is used to demonstrate concepts and allows students to construct additional examples and practice the concepts in expanding the system design and documentation.
- Covers the complete software design process with a focus on security.
- Considers the cultural impact of the organization as a factor affecting the security of a software program.
- Focuses on current and future threats and how to provide a defense for security issues.
Part Part I Background and Introduction
Chapter Chapter 1 Introduction
Chapter Chapter 2 Current and Emerging Threats
Part Part II Systemic Threats
Chapter Chapter 3 The Network Environment
Chapter Chapter 4 The Operating System Environment
Chapter Chapter 5 The Database Environment
Chapter Chapter 6 Programming Languages
Part Part III Secure Software Design
Chapter Chapter 7 Security Requirements Planning
Chapter Chapter 8 Vulnerability Mapping
Chapter Chapter 9 Development and Implementation
Chapter Chapter 10 Application Review and Testing
Chapter Chapter 11 Incorporating SSD with the SDLC
Part Part IV Redefining Security
Chapter Chapter 12 Personnel Training
Chapter Chapter 13 A Culture of Security
Part Part V Advanced Threat Analysis
Chapter Chapter 14 Web Application Threats
Chapter Chapter 15 Secure Data Management
Chapter Chapter 16 Zero Day and Beyond
Theodor Richardson, PhD-Interim Chair of Information Technology, College of Business, South University, Georgia
Dr. Theodor Richardson received his doctoral degree in Computer Science and Engineering from the University of South Carolina along with the NSA Graduate Certificate in Information Assurance and Security. He has published conference and journal articles in the area of security including the International Journal of Sensor Networks and the International Conference on Communications and Networks. He currently teaches graduate and undergraduate courses in network security and application security as well as software development and software programming. Dr. Richardson is also a security text reviewer for the ALA Choice Magazine.
Charles N Thies-Regis University, Colorado
Charles Thies attended the University of Denver where he received a Masters of Applied Science in Computer Information Systems. He has worked for the Department of Defense in assignments overseas as an information technology professional and is published in the Journal of Information Science Applied Research. He has over twelve years of industry experience in the area of information security and database administration. Currently he is an affiliate faculty member at Regis University, Denver, Colorado at the School of Computer and Information Sciences and holds the CompTIA Security + certification.