Автор: Erik Fretheim, Marie Deschene
Издательство: Jones & Bartlett Learning
Год: 2023
Страниц: 658
Язык: английский
Формат: epub
Размер: 19.9 MB
Secure Software Systems presents an approach to secure software systems design and development that tightly integrates security and systems design and development (or software engineering) together. It addresses the software development process from the perspective of a security practitioner. The text focuses on the processes, concepts, and concerns of ensuring that secure practices are followed throughout the secure software systems development life cycle, including the practice of following the life cycle rather than just doing ad hoc development.
The goal of this textbook is to present an approach to secure software systems design and development that tightly integrates security and systems design and development (or software engineering) together. The desire to create the book came from searching for an appropriate textbook for a secure software development course. It quickly became apparent that three types of books were available. The first was a software development/engineering book with a chapter or two of security added at the end. The second was a cybersecurity book with a chapter or two of software development/engineering added at the end. Finally, the third type of book was an A-Z list of all of the potential errors the authors knew about that could be included in a program, with the admonishment “don’t do this.” None of the alternatives presented a systematic approach to applying security while going through the secure software systems development life cycle.
Ultimately every software system is going to be tested. It can be done by jumping to the ultimate crucible of real-world use. Many programmers feel that the quality of the code they produce is such that this is the only test ever needed. These are delusional people doomed to failure. Testing is a critical element of the secure software development life cycle and needs to be included from the start and conducted throughout the process. Testing is the process of verifying and validating that a software system or application meets the intended requirements, performs as expected, and contains no unknown defects, flaws, or errors, and no unmitigated vulnerabilities. Verification is the process of ensuring that the system meets the provided requirements. It answers the question “Did we build it correctly.” Validation is the process of ensuring that the system performs the functions it is intended to perform in an acceptable manner. It answers the question “Did we build what we were supposed to build?”
Both verification and validation will be performed throughout the secure development life cycle.
Audience:
The material is suitable for undergraduate or graduate computer science majors or information science majors, as well as dedicated cybersecurity and software development programs. This text may also be used at a two-year technical college or community college for students who have a basic technical background or for self-study.
Contents:
Preface
CHAPTER 1 Secure Software Systems Development
CHAPTER 2 Product and Portfolio Management
CHAPTER 3 Program and Project Management
CHAPTER 4 Process Management
CHAPTER 5 Managing the Secure Software Systems Development Life Cycle
CHAPTER 6 Security Culture, Responsibility, and Training
CHAPTER 7 Requirements and Security Requirements Planning
CHAPTER 8 Compliance
CHAPTER 9 Quality Management
CHAPTER 10 Modeling
CHAPTER 11 Architecture
CHAPTER 12 Vulnerability and Threat Assessment
CHAPTER 13 The Development Environment
CHAPTER 14 Configuration Management
CHAPTER 15 Testing
CHAPTER 16 Product Release and Deployment
CHAPTER 17 Operations and Maintenance
CHAPTER 18 Retirement or End-of-Life
Glossary
Index
Скачать Secure Software Systems