Security-Driven Software Development : Learn to Analyze and Mitigate Risks in Your Software Projects

Security-Driven Software Development Learn to Analyze and Mitigate Risks in Your Software Projects

Trace security requirements through each development phase, mitigating multiple-layer attacks with practical examples, and emerge equipped with the skills to build resilient applications Key Features Explore the practical application of secure software development methodologies Model security vulner...

Descripción completa

Detalles Bibliográficos
Otros Autores: Olmsted, Aspen, author (author)
Formato: Libro electrónico
Idioma:Inglés
Publicado: Birmingham, England : Packt Publishing Ltd [2024]
Edición:First edition
Materias:
Software engineering > Security measures.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009807525206719
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright
  • Dedication
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Modeling a Secure Application
  • Chapter 1: Security Principles
  • What could go wrong?
  • Principles
  • Open Web Application Security Project
  • NIST's Secure Software Development Framework
  • MITRE frameworks
  • Software development lifecycles
  • Microsoft's Security Development Lifecycle
  • Confidentiality, integrity, and availability
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 2: Designing a Secure Functional Model
  • Requirements gathering and specification
  • Non-functional requirements and security
  • Capturing scenarios
  • Textual use cases and misuse cases
  • Graphical use cases and misuse cases
  • Graphical use case diagram
  • Graphical misuse case diagram
  • Example enterprise secure functional model
  • Purchase of tickets via self-service
  • Trying to purchase tickets beyond the patron limit
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 3: Designing a Secure Object Model
  • Identify objects and relationships
  • Class diagrams
  • Stereotypes
  • Invariants
  • Example of the enterprise secure object model
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 4: Designing a Secure Dynamic Model
  • Technical requirements
  • Object behavior
  • Modeling interactions between objects
  • UML sequence diagrams
  • UML activity diagrams
  • Constraints
  • Example of the enterprise secure dynamic model
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 5: Designing a Secure System Model
  • Partitions
  • Modeling interactions between partitions
  • UML component diagrams
  • Patterns
  • Example - developing an enterprise secure system model
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 6: Threat Modeling
  • Threat model overview
  • The STRIDE threat model
  • The DREAD threat model.
  • Attack trees
  • Mitigations
  • Microsoft Threat Modeling Tool
  • Example of an enterprise threat model
  • Summary
  • Self-assessment questions
  • Answers
  • Part 2: Mitigating Risks in Implementation
  • Chapter 7: Authentication and Authorization
  • Authentication
  • Authorization
  • Security Models
  • Single sign-on and open authorization
  • Single sign-on (SSO)
  • Open authorization (OAuth)
  • Implementing SSO and OAuth with Google
  • Example of enterprise implementation
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 8: Input Validation and Sanitization
  • Input validation
  • Input sanitization
  • Language-specific defenses
  • Buffer overflows
  • Example of the enterprise input validation and sanitization
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 9: Standard Web Application Vulnerabilities
  • Injection attacks
  • Broken authentication and session management
  • Request forgery
  • Language-specific defenses
  • Example of enterprise web defenses
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 10: Database Security
  • Overview of SQL
  • SQL injection
  • Maintaining database correctness
  • Managing activity concurrency
  • Language-specific defenses
  • RBAC security in DBMS
  • Encryption in DBMS
  • An example of enterprise DB security
  • Summary
  • Self-assessment questions
  • Answers
  • Part 3: Security Validation
  • Chapter 11: Unit Testing
  • The principles of unit testing
  • The advantages of unit testing
  • Unit testing frameworks
  • An example of enterprise threat model
  • PHPUnit
  • JUnit
  • PyUnit
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 12: Regression Testing
  • Regression testing overview
  • Key concepts
  • Process
  • Benefits
  • Robotic process automation
  • The intersection of RPA and regression testing
  • Regression testing tools
  • Load testing.
  • Integration and complementarity
  • UI.Vision RPA
  • Example of the enterprise regression tests
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 13: Integration, System, and Acceptance Testing
  • Types of integration tests
  • Mocks
  • Stubs
  • Examples of enterprise integration testing
  • System testing
  • Acceptance testing
  • Summary
  • Self-assessment questions
  • Answers
  • Chapter 14: Software Penetration Testing
  • Types of tests
  • Phases
  • Tools
  • Information gathering and reconnaissance
  • Vulnerability analysis and exploitation
  • Post-exploitation and privilege escalation
  • Network sniffing
  • Forensics and monitoring
  • Reporting and documentation
  • An example of an enterprise penetration test report
  • High-level summary
  • Host analysis
  • Summary
  • Self-assessment questions
  • Answers
  • Index
  • About PACKT
  • Other Books You May Enjoy.

Ejemplares similares