Secure and Resilient Software Development
1st Edition
Published on 16. June 2010
Book
Hardback
404 pages
978-1-4398-2696-6 (ISBN)
Description
Although many software books highlight open problems in secure software development, few provide easily actionable, ground-level solutions. Breaking the mold, Secure and Resilient Software Development teaches you how to apply best practices and standards for consistent and secure software development. It details specific quality software development strategies and practices that stress resilience requirements with precise, actionable, and ground-level inputs.
Providing comprehensive coverage, the book illustrates all phases of the secure software development life cycle. It shows developers how to master non-functional requirements including reliability, security, and resilience. The authors provide expert-level guidance through all phases of the process and supply many best practices, principles, testing practices, and design methodologies.
For updates to this book and ongoing activities of interest to the secure and resilient software community, please visit: www.srsdlc.com
"Secure and Resilient Software Development provides a strong foundation for anyone getting started in application security. Most application security books fall into two categories: business-oriented and vague or ridiculously super technical. Mark and Laksh draw on their extensive experience to bridge this gap effectively. The book consistently links important technical concepts back to the business reasons for application security with interesting stories about real companies dealing with application security issues."
-Jeff Williams, Chair, The OWASP Foundation
Providing comprehensive coverage, the book illustrates all phases of the secure software development life cycle. It shows developers how to master non-functional requirements including reliability, security, and resilience. The authors provide expert-level guidance through all phases of the process and supply many best practices, principles, testing practices, and design methodologies.
For updates to this book and ongoing activities of interest to the secure and resilient software community, please visit: www.srsdlc.com
"Secure and Resilient Software Development provides a strong foundation for anyone getting started in application security. Most application security books fall into two categories: business-oriented and vague or ridiculously super technical. Mark and Laksh draw on their extensive experience to bridge this gap effectively. The book consistently links important technical concepts back to the business reasons for application security with interesting stories about real companies dealing with application security issues."
-Jeff Williams, Chair, The OWASP Foundation
Reviews / Votes
... provides a strong foundation for anyone getting started in application security. Most application security books fall into two categories: business-oriented and vague or ridiculously super technical. Mark and Laksh draw on their extensive experience to bridge this gap effectively. The book consistently links important technical concepts back to the business reasons for application security with interesting stories about real companies dealing with application security issues.-Jeff Williams, Chair, The OWASP Foundation ... provides a strong foundation for anyone getting started in application security. Most application security books fall into two categories: business-oriented and vague or ridiculously super technical. Mark and Laksh draw on their extensive experience to bridge this gap effectively. The book consistently links important technical concepts back to the business reasons for application security with interesting stories about real companies dealing with application security issues.-Jeff Williams, Chair, The OWASP FoundationMore details
Language
English
Place of publication
Washington
United States
Target group
College/higher education
Software developers, software engineers, and programmers.
Illustrations
57 s/w Abbildungen, 19 s/w Tabellen
19 Tables, black and white; 57 Illustrations, black and white
Dimensions
Height: 240 mm
Width: 161 mm
Thickness: 26 mm
Weight
772 gr
ISBN-13
978-1-4398-2696-6 (9781439826966)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Mark S. Merkow | Lakshmikanth Raghavan
Secure and Resilient Software Development
E-Book
06/2010
Auerbach
€73.99
Available for download
Mark S. Merkow | Lakshmikanth Raghavan
Secure and Resilient Software Development
E-Book
06/2010
Auerbach Publishers Inc.
€73.99
Available for download
Persons
Mark S. Merkow, CISSP, CISM, CSSLP, works at PayPal Inc. (an eBay company) in Scottsdale, Arizona, as Manager of Security Consulting and IT Security Strategy in the Information Risk Management area. Mark has over 35 years of experience in information technology in a variety of roles, including applications development, systems analysis and design, security engineer, and security manager. Mark holds a Masters in Decision and Info Systems from Arizona State University (ASU), a Masters of Education in Distance Learning from ASU, and a BS in Computer Info Systems from ASU. In addition to his day job, Mark engages in a number of extracurricular activities, including consulting, course development, online course delivery, writing e-business columns, and writing books on information technology and information security.
Mark has authored or co-authored nine books on IT and has been a contributing editor to four others.
Mark remains very active in the information security community, working in a variety of roles for the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Services Technology Consortium (FSTC), and the Financial Services Sector Coordinating Council (FSCCC) on Homeland Security and Critical Infrastructure Protection.
Lakshmikanth Raghavan (Laksh) works at PayPal Inc. (an eBay company) as Staff Information Security Engineer in the Information Risk Management area. He has over eight years of experience in the areas of information security and information risk management and has been providing consulting services to Fortune 500 companies and financial services companies around the world in his previous stints. He is a Certified Ethical Hacker (CEH) and also maintains the Certified Information Security Manager (CISM) certificate from ISACA (previously known as the Information Systems Audit and Control Association). Laksh holds a Bachelor's degree in Electronics & Telecommunication Engineering from the University of Madras, India. Laksh enjoys writing security-related articles and has spoken on the various dimensions of software security at industry forums and security conferences.
Mark has authored or co-authored nine books on IT and has been a contributing editor to four others.
Mark remains very active in the information security community, working in a variety of roles for the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Services Technology Consortium (FSTC), and the Financial Services Sector Coordinating Council (FSCCC) on Homeland Security and Critical Infrastructure Protection.
Lakshmikanth Raghavan (Laksh) works at PayPal Inc. (an eBay company) as Staff Information Security Engineer in the Information Risk Management area. He has over eight years of experience in the areas of information security and information risk management and has been providing consulting services to Fortune 500 companies and financial services companies around the world in his previous stints. He is a Certified Ethical Hacker (CEH) and also maintains the Certified Information Security Manager (CISM) certificate from ISACA (previously known as the Information Systems Audit and Control Association). Laksh holds a Bachelor's degree in Electronics & Telecommunication Engineering from the University of Madras, India. Laksh enjoys writing security-related articles and has spoken on the various dimensions of software security at industry forums and security conferences.
Content
Introduction: Software Resilience. Functionality and Beyond. Software Is Woeful and Getting Worse. Application Security: Critical Concepts. Proven Principles for Resilient Applications. Secure Application Design. Programming Best Practices. Special Considerations. Security Testing. Integrating Security In Your Own SLDC. Security is a Never-ending Journey. Appendices. Glossary.