90折
Secure and Resilient Software ─ Requirements, Test Cases, and Testing Methods
商品資訊
定價
:NT$ 4874 元優惠價
:90 折 4387 元
若需訂購本書,請電洽客服 02-25006600[分機130、131]。
相關商品
商品簡介
作者簡介
目次
商品簡介
Secure and Resilient Software: Requirements, Test Cases, and Testing Methods provides a comprehensive set of requirements for secure and resilient software development and operation. It supplies documented test cases for those requirements as well as best practices for testing nonfunctional requirements for improved information assurance. This resource-rich book includes:
Pre-developed nonfunctional requirements that can be reused for any software development project
Documented test cases that go along with the requirements and can be used to develop a Test Plan for the software
Testing methods that can be applied to the test cases provided
A CD with all security requirements and test cases as well as MS Word versions of the checklists, requirements, and test cases covered in the book
Offering ground-level, already-developed software nonfunctional requirements and corresponding test cases and methods, this book will help to ensure that your software meets its nonfunctional requirements for security and resilience. The accompanying CD filled with helpful checklists and reusable documentation provides you with the tools needed to integrate security into the requirements analysis, design, and testing phases of your software development lifecycle.
Some Praise for the Book:
This book pulls together the state of the art in thinking about this important issue in a holistic way with several examples. It takes you through the entire lifecycle from conception to implementation … .—Doug Cavit, Chief Security Strategist, Microsoft Corporation
…provides the reader with the tools necessary to jump-start and mature security within the software development lifecycle (SDLC). —Jeff Weekes, Sr. Security Architect at Terra Verde Services… full of useful insights and practical advice from two authors who have lived this process. What you get is a tactical application security roadmap that cuts through the noise and is immediately applicable to your projects. —Jeff Williams, Aspect Security CEO and Volunteer Chair of the OWASP Foundation
Pre-developed nonfunctional requirements that can be reused for any software development project
Documented test cases that go along with the requirements and can be used to develop a Test Plan for the software
Testing methods that can be applied to the test cases provided
A CD with all security requirements and test cases as well as MS Word versions of the checklists, requirements, and test cases covered in the book
Offering ground-level, already-developed software nonfunctional requirements and corresponding test cases and methods, this book will help to ensure that your software meets its nonfunctional requirements for security and resilience. The accompanying CD filled with helpful checklists and reusable documentation provides you with the tools needed to integrate security into the requirements analysis, design, and testing phases of your software development lifecycle.
Some Praise for the Book:
This book pulls together the state of the art in thinking about this important issue in a holistic way with several examples. It takes you through the entire lifecycle from conception to implementation … .—Doug Cavit, Chief Security Strategist, Microsoft Corporation
…provides the reader with the tools necessary to jump-start and mature security within the software development lifecycle (SDLC). —Jeff Weekes, Sr. Security Architect at Terra Verde Services… full of useful insights and practical advice from two authors who have lived this process. What you get is a tactical application security roadmap that cuts through the noise and is immediately applicable to your projects. —Jeff Williams, Aspect Security CEO and Volunteer Chair of the OWASP Foundation
作者簡介
Mark S. Merkow, CISSP, CISM, CSSLP works at PayPal Inc. (an eBay company) in Scottsdale, Arizona, as Manager of Information Security Policies, Standards, Training, and Awareness in the Information Risk Management area. Mark has more than 35 years of experience in information technology in a variety of roles, including applications development, systems analysis and design, security engineering, and security management. Mark holds a masters degree in decision and info systems from Arizona State University (ASU), a masters of education in distance learning from ASU, and an undergraduate degree in computer info systems from ASU. In addition to his day job, Mark engages in a number of other extracurricular activities, including consulting, course development, online course delivery, and writing columns and books on information technology and information security.
Mark has authored or coauthored ten books on IT and is a contributing editor on four others. Mark remains very active within the information security community, working in a variety of roles for the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Services Technology Consortium (FSTC), and the Financial Services Sector Coordinating Council (FSCCC) on Homeland Security and Critical Infrastructure Protection.
He is the chairman of the Education Committee for the FS-ISAC and is a founding member of the Research and Development Committee of the FSSCC.
Lakshmikanth Raghavan, CISM, CRISC (Laksh) works at PayPal Inc. (an eBay company) as Staff Information Security Engineer in the Information Risk Management area, specializing in application security. Laksh has more than ten years of experience in the areas of information security and information risk management, and has provided consulting services to Fortune 500 companies and financial services companies around the world. Laksh holds a bachelor’s degree in electronics and telecommunication engineering from the University of Madras, India. He enjoys writing security-related articles and has spoken on the various dimensions of software security at industry forums and security conferences. This is Laksh’s second book.
Mark has authored or coauthored ten books on IT and is a contributing editor on four others. Mark remains very active within the information security community, working in a variety of roles for the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Services Technology Consortium (FSTC), and the Financial Services Sector Coordinating Council (FSCCC) on Homeland Security and Critical Infrastructure Protection.
He is the chairman of the Education Committee for the FS-ISAC and is a founding member of the Research and Development Committee of the FSSCC.
Lakshmikanth Raghavan, CISM, CRISC (Laksh) works at PayPal Inc. (an eBay company) as Staff Information Security Engineer in the Information Risk Management area, specializing in application security. Laksh has more than ten years of experience in the areas of information security and information risk management, and has provided consulting services to Fortune 500 companies and financial services companies around the world. Laksh holds a bachelor’s degree in electronics and telecommunication engineering from the University of Madras, India. He enjoys writing security-related articles and has spoken on the various dimensions of software security at industry forums and security conferences. This is Laksh’s second book.
目次
Introduction Secure and Resilient Bad Design Choices Led to the Vulnerable Internet We Know Today HTTP Has Its Problems, Too Design Errors Continue Haunting Us TodayRequirements & Design: The Keys to a Successful Software ProjectHow Design Flaws Play Out DNS Vulnerability The London Stock Exchange Medical Equipment Airbus A380 Solutions Are In Sight!Notes
Nonfunctional Requirements (NFRs) in Context System Quality Requirements Engineering (SQUARE) Agree on Definitions Identify Assets and Security/Quality Goals Perform Risk Assessments Elicit Security Requirements Prioritize Requirements Characteristics of Good Requirements Summary Notes
Resilience and Quality Considerations for Application Software and the Application Runtime Environment Relationships among Nonfunctional Requirements Considerations for Developing NFRs for your Applications and Runtime Environment Checking Your WorkSummary Notes
Security Requirements for Application Software Security Control TypesThink Like an Attacker Detailed Security Requirements Identification Requirements Authentication Requirements Authorization Requirements Security Auditing Requirements Confidentiality Requirements Integrity RequirementsAvailability Requirements Nonrepudiation Requirements Immunity Requirements Survivability RequirementsSystems Maintenance Security RequirementsPrivacy RequirementsSummary References
Security Services for the Application Operating Environment The Open Group Architecture Framework (TOGAF)Standardizing Tools for an Enterprise Architecture Security Technical Reference Model (TRM) Identification and Authentication System Entry Control Audit Access Control Nonrepudiation Security Management Trusted Recovery Encryption Trusted Communications SummaryReferences
Software Design Considerations for Security and Resilience Design Issues Architecture and Design Considerations Special Security Design Considerations for Payment Applications on Mobile Communications Devices Designing for Integrity Architecture and Design Review Checklist Summary ReferencesBest Practices for Converting Requirements to Secure Software Designs Secure Design Approach Reusable Security APIs/Libraries Security Frameworks Establishing and Following Best Practices for Design Security Requirements Security Recommendations What’s an Attack Surface? What Is Managed Code?Understanding Business Requirements for Security Design Summary References
Security Test Cases Standardized Testing PolicySecurity Test Cases Test Cases for Identification Requirements Test Cases for Authentication Requirements Test Cases for Authorization Requirements Test Cases for Security Auditing Requirements Test Cases for Confidentiality Requirements Test Cases for Integrity Requirements Test Cases for Availability Requirements Test Cases for Nonrepudiation Requirements Test Cases for Immunity Requirements Test Cases for Survivability Requirements Test Cases for Systems Maintenance Security Requirements Summary
Testing Methods and Best Practices Secure Testing Approach OWASP’s Application Security Verification Standard (ASVS) Application Security Verification Levels Level 1—Automated Verification Level 2—Manual Verification Level 3—Design Verification Level 4—Internal Verification Security Testing Methods Manual Source Code Review Automated Source Code Analysis Automated Reviews Compared with Manual Reviews Automated Source Code Analysis Tools—Deployment Strategy IDE Integration for Developers Build Integration for Governance Automated Dynamic Analysis Limitations of Automated Dynamic Analysis Tools Automated Dynamic Analysis Tools—Deployment Strategy Developer Testing Centralized Quality Assurance Testing Penetration (Pen) Testing Gray Box Testing Summary References
Connecting the Moving PartsOpenSAMM Security Requirements Security Requirements: Level 1 Security Requirements: Level 2 Security Requirements: Level 3 Security Testing Security Testing: Level 1 Security Testing: Level 2 Security Testing: Level 3 Wrap-Up References Index
Nonfunctional Requirements (NFRs) in Context System Quality Requirements Engineering (SQUARE) Agree on Definitions Identify Assets and Security/Quality Goals Perform Risk Assessments Elicit Security Requirements Prioritize Requirements Characteristics of Good Requirements Summary Notes
Resilience and Quality Considerations for Application Software and the Application Runtime Environment Relationships among Nonfunctional Requirements Considerations for Developing NFRs for your Applications and Runtime Environment Checking Your WorkSummary Notes
Security Requirements for Application Software Security Control TypesThink Like an Attacker Detailed Security Requirements Identification Requirements Authentication Requirements Authorization Requirements Security Auditing Requirements Confidentiality Requirements Integrity RequirementsAvailability Requirements Nonrepudiation Requirements Immunity Requirements Survivability RequirementsSystems Maintenance Security RequirementsPrivacy RequirementsSummary References
Security Services for the Application Operating Environment The Open Group Architecture Framework (TOGAF)Standardizing Tools for an Enterprise Architecture Security Technical Reference Model (TRM) Identification and Authentication System Entry Control Audit Access Control Nonrepudiation Security Management Trusted Recovery Encryption Trusted Communications SummaryReferences
Software Design Considerations for Security and Resilience Design Issues Architecture and Design Considerations Special Security Design Considerations for Payment Applications on Mobile Communications Devices Designing for Integrity Architecture and Design Review Checklist Summary ReferencesBest Practices for Converting Requirements to Secure Software Designs Secure Design Approach Reusable Security APIs/Libraries Security Frameworks Establishing and Following Best Practices for Design Security Requirements Security Recommendations What’s an Attack Surface? What Is Managed Code?Understanding Business Requirements for Security Design Summary References
Security Test Cases Standardized Testing PolicySecurity Test Cases Test Cases for Identification Requirements Test Cases for Authentication Requirements Test Cases for Authorization Requirements Test Cases for Security Auditing Requirements Test Cases for Confidentiality Requirements Test Cases for Integrity Requirements Test Cases for Availability Requirements Test Cases for Nonrepudiation Requirements Test Cases for Immunity Requirements Test Cases for Survivability Requirements Test Cases for Systems Maintenance Security Requirements Summary
Testing Methods and Best Practices Secure Testing Approach OWASP’s Application Security Verification Standard (ASVS) Application Security Verification Levels Level 1—Automated Verification Level 2—Manual Verification Level 3—Design Verification Level 4—Internal Verification Security Testing Methods Manual Source Code Review Automated Source Code Analysis Automated Reviews Compared with Manual Reviews Automated Source Code Analysis Tools—Deployment Strategy IDE Integration for Developers Build Integration for Governance Automated Dynamic Analysis Limitations of Automated Dynamic Analysis Tools Automated Dynamic Analysis Tools—Deployment Strategy Developer Testing Centralized Quality Assurance Testing Penetration (Pen) Testing Gray Box Testing Summary References
Connecting the Moving PartsOpenSAMM Security Requirements Security Requirements: Level 1 Security Requirements: Level 2 Security Requirements: Level 3 Security Testing Security Testing: Level 1 Security Testing: Level 2 Security Testing: Level 3 Wrap-Up References Index
您曾經瀏覽過的商品
購物須知
外文書商品之書封,為出版社提供之樣本。實際出貨商品,以出版社所提供之現有版本為主。部份書籍,因出版社供應狀況特殊,匯率將依實際狀況做調整。
無庫存之商品,在您完成訂單程序之後,將以空運的方式為你下單調貨。為了縮短等待的時間,建議您將外文書與其他商品分開下單,以獲得最快的取貨速度,平均調貨時間為1~2個月。
為了保護您的權益,「三民網路書店」提供會員七日商品鑑賞期(收到商品為起始日)。
若要辦理退貨,請在商品鑑賞期內寄回,且商品必須是全新狀態與完整包裝(商品、附件、發票、隨貨贈品等)否則恕不接受退貨。