
	Home > Software Quality Tips > Application Security Book Excerpts > Architectural Risk Analysis -- Chapter 5, Software Security: Building Security In

Software Quality Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

APPLICATION SECURITY BOOK EXCERPTS

Architectural Risk Analysis -- Chapter 5, Software Security: Building Security In

Gary McGraw
02.02.2006
Rating: -5.00- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

Software Security: Building Security In
By McGraw, Gary
Published by AWP
Series: Addison-Wesley Software Security Series
ISBN: 0321356705; Published: 1/29/2006; Copyright 2006; Pages: 448; Edition: 1
Click here for more information or to buy the book

As a registered member of SearchAppSecurity.com, you're entitled to a complimentary copy of Chapter 5 of Software Security: Building Security In written by Gary McGraw and published by Addison Wesley Professional. "Architectural Risk Analysis" helps you identify risk, thereby creating a good general-purpose measure of software security, especially if you track risk over time.

[IMAGE]

Book description:
Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice. The software security best practices, or touch points, described in this book have their basis in good software engineering and involve explicitly pon...

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security Book Excerpts
	Cybersecurity czar candidate questions clout of new position
	Commonly-overlooked security flaws in rich Internet applications
	Common mistakes in real-time Java programming
	Web Security Testing Cookbook sample recipe
	Fuzzing for Software Security Testing and Quality Assurance: Chapter 3, Testing for Quality
	Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
	InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
	Google Hacking for Penetration Testers, Volume 2: Chapter 6, Locating Exploits and Finding Targets
	Ajax Security -- Chapter 6, Transparency in Ajax Applications
	Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks

Hiring, mentoring and training for software projects

Is your software test team rigorously incompetent?

Advice on how to enter the software technology field

Optimizing project management using text messaging, IMs, and Skype

How to get a software testing job in a recession

Does Microsoft offer an international testing certification?

How to handle IT project management in a recession

How teams transition to agile development methodologies

Do security certifications really matter? Yes, really

Cutting staff for a more agile software development team

Software development lifecycle (SDLC) trends 2009: Requirements, agile

Building security into the SDLC (Software development life cycle)

Problems caused by skipping analysis stage of SDLC

Inexpensive phase of SDLC to catch and fix bugs

GatherSpace beefs up cloud-based requirements management

ALM: Best of breed vs. complete systems

Software development life cycle phases, iterations, explained step by step

The role of quality assurance (QA) pros in software security

Common software security risks and oversights

Why the quality assurance department should be involved in testing

How to develop secure applications

Secure software development practices 'not rocket science'

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Project Management Professional (PMP) (SearchSoftwareQuality.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

dering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugs and architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.

Software Security is about putting the touch points to work for you. Because you can apply these touch points to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work. Inside you'll find detailed explanations of the following:

Risk management frameworks and processes
Code review using static analysis tools
Architectural risk analysis
Penetration testing
Security testing
Abuse case development

In addition to the touch points, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs.

>> Read Chapter 5: Architectural Risk Analysis now.

>> Buy the book

Rate this Tip
To rate tips, you must be a member of SearchSoftwareQuality.com. Register now to start rating these tips. Log in if you are already a member.

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Software Design & Testing - Project Management

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2009, TechTarget \| Read our Privacy Policy