Authors: Suhel Ahmad Khan, Rajeev Kumar, Raees Ahmad Khan
Publisher: CRC Press
Year: 2023
Pages: 330
Language: English
Format: pdf (true)
Size: 14.4 MB
The book Software Security: Concepts and Practices aims to build software security principles and techniques that will assist developers in detecting and measuring security early in the software development life cycle, resulting in secure software. It is clear that security issues arise as a result of a lack of built-in security features. Early and suitable efforts for security estimation must be made in order to build appropriate software. It has become obvious that removing vulnerabilities, correcting defects, and eliminating unwanted complexities early in the software development life cycle leads to secure software development. Software security has become a big concern in recent years, and it is likely to worsen in the years ahead. For security issues, there is no simple solution available. As a result, integrating security into software development has grown difficult. Attempts to integrate security at the end of the software development process add complexity, cost, and time to the process.
Early detection of security and associated hazards, on the other hand, may aid in lowering development costs and increasing end-user confidence. Changes performed during the design phase are less expensive because the phase provides the software’s blueprint. As a result, the research has chosen the challenge of improving software security throughout the design phase. Security issues developed during the design process have a negative impact on the software life cycle. According to Gary McGraw, nearly half of all security concerns are discovered at the design stage. The irony is that the design phase receives very little attention throughout the development life cycle. Furthermore, because design flaws may go undetected during the phase, maintenance costs may be up to 90% higher than the total cost of the software development life cycle. Measuring security throughout the design process is a critical step in enhancing security during the development of object-oriented software. The object-oriented design’s security can be assessed using appropriate evaluation methodologies and metrics. Given the importance of addressing security throughout the design phase, a security measure, such as a software security meter, must be developed. There is a need to establish a framework in the form of a book in the absence of an acceptable framework for software security metric development at this stage.
The book will help practitioners solve future difficulties by assisting in the development and validation of software security during the development life cycle. Furthermore, security is described as a system of laws, regulations, and procedures that govern an organization’s administration, protection, and transfer of sensitive information. Confidentiality, integrity, authenticity, availability, and non-repudiation are some of the terms used.
By focusing on software security during development, you can safeguard it from unauthorized use, access, disclosure, and modification. The attackers are not just at fault for the incidents recounted; software designers and developers are also to blame. Attackers do not build security gaps on their own; instead, they take advantage of software flaws. Vulnerabilities are flaws in software that are introduced during development. Even the presence of a single vulnerability can result in irreversible financial and reputational damage to a business. Despite the fact that there have been numerous life-threatening security incidents, security is still viewed as an afterthought while designing software. Frequently, security measures are sprayed on fully created software. Ironically, security professionals can never be certain that they have discovered and patched all security flaws. As a result, security has become a significant challenge. In order to thrive in today’s competitive world, software developers must consider not only their consumers but also their competitors. Software security refers to the process of addressing security at each stage of the software development life cycle. It’s the concept of creating software that can perform needed functions even if it’s under assault. As a result, it’s all about producing safe software, which means designing secure software and teaching software practitioners, architects, and users how to do so.
The goal of this book is to describe software and security principles early in the software development life cycle so that security assurance efforts can be optimized at all stages. The purpose of the book is to provide a means of identifying security issues, risks, and threats during the design phase of software development. Organizations can utilize the measurements to gain insight into the security of software under development. Security metrics, architecture, and estimate models are examples of software security aspects that govern the objectives defined by developers and organizations. Furthermore, the proposed book’s goal is to produce security knowledge connected to management and governance for higher education, which can be utilized to identify problems at various stages and address them there to save money, time, and effort. Other contributions include a systematic phase-by-phase approach for software development, such as the development and testing processes.
Features:
The book presents the implementation of a unique socio-technical solution for real-time cybersecurity awareness.
It provides comprehensible knowledge about security, risk, protection, estimation, knowledge and governance.
Various emerging standards, models, metrics, continuous updates and tools are described to understand security principles and mitigation mechanisms for higher security.
The book also explores common vulnerabilities plaguing today's web applications.
The book is aimed primarily at advanced undergraduates and graduates studying Computer Science, Artificial Intelligence and information technology. Researchers and professionals will also find this book useful.