Book description
STRENGTHEN SOFTWARE SECURITY BY HELPING DEVELOPERS AND SECURITY EXPERTS WORK TOGETHER
Traditional approaches to securing software are inadequate. The solution: Bring software engineering and network security teams together in a new, holistic approach to protecting the entire enterprise. Now, four highly respected security experts explain why this “confluence” is so crucial, and show how to implement it in your organization.
Writing for all software and security practitioners and leaders, they show how software can play a vital, active role in protecting your organization. You’ll learn how to construct software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response in sophisticated new ways. The authors cover the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. They also provide a full chapter of advice specifically for Chief Information Security Officers and other enterprise security executives.
Whatever your software security responsibilities, Enterprise Software Security delivers indispensable big-picture guidance–and specific, high-value recommendations you can apply right now.
COVERAGE INCLUDES:
• Overcoming common obstacles to collaboration between developers and IT security professionals
• Helping programmers design, write, deploy, and operate more secure software
• Helping network security engineers use application output more effectively
• Organizing a software security team before you’ve even created requirements
• Avoiding the unmanageable complexity and inherent flaws of layered security
• Implementing positive software design practices and identifying security defects in existing designs
• Teaming to improve code reviews, clarify attack scenarios associated with vulnerable code, and validate positive compliance
• Moving beyond pentesting toward more comprehensive security testing
• Integrating your new application with your existing security infrastructure
• “Ruggedizing” DevOps by adding infosec to the relationship between development and operations
• Protecting application security during maintenance
Table of contents
- About This eBook
- Title Page
- Copyright Page
- Dedication Page
- Contents
- Acknowledgments
- About the Authors
- Preface
- 1. Introduction to the Problem
- 2. Project Inception
- 3. Design Activities
- 4. Implementation Activities
- 5. Testing Activities
- 6. Deployment and Integration
- 7. Operating Software Securely
- 8. Maintaining Software Securely
- 9. The View from the Center
- Ideas for Encouraging Confluent Application Development
- Toward a Confluent Network
- Security Awareness and Training
- Policies, Standards, and Guidelines
- The Role of Other Departments and Corporate Entities
- Resource Budgeting and Strategic Planning for Confluence
- Assessment Tools and Techniques
- Mobile Plans—Postmortem Interviews
- Notes for Small Shops or Individuals
- Summing Up
- Endnotes
- Index
- Code Snippets
Product information
- Title: Enterprise Software Security: A Confluence of Disciplines
- Author(s):
- Release date: December 2014
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780321604378