Traditionally, software engineers have treated security as a non-functional requirement. As a result, it is all too often considered only as an afterthought, leaving software applications and services open to attack. With the rapid growth in cybercrime, security must become an integral part of software engineering so that software assets are protected. Architecting Secure Software Systems describes how security is incorporated into software engineering from the requirements analysis phase onward, carrying that focus through security design, secure programming, security testing, and secure deployment.
Outlines Protection Protocols for Numerous Applications
Through examples, this volume describes a wide range of security vulnerabilities and the threats they give rise to. It explains how to perform a security requirements analysis and outlines a security development lifecycle. The authors examine security architectures and threat countermeasures for UNIX, .NET, Java, mobile, and Web environments. Finally, they explore the security of telecommunications and other distributed services built on a Service Oriented Architecture (SOA). The book takes a multi-platform approach so that readers can apply the material within their own programming environment, whatever their background, and provides real-world code snippets for experimentation.
Define a Security Methodology from the Initial Phase of Development
Almost all assets in our lives now have a virtual presence, and the convergence of computing and telecommunications makes these assets reachable from anywhere in the world. This volume enables developers, engineers, and architects to approach security holistically from the beginning of the software development lifecycle. By securing systems from a project's inception, the financial losses and privacy breaches caused by weak systems can be avoided.
Contents

Security in Software Systems
  Need for Computer Security; Vulnerability and Attacks; Various Security Attacks; Computer Security; Counter External Threats; Security Programming; Database Security; Common Criteria; Security Standards

Architecting Secure Software Systems
  Building Secured System; Security Requirements Analysis; Threat Modeling; Security Design; Security Coding; Safe Programming; Security Review; Generating the Executable; Security Testing; Secured Deployment; Security Remediation; Security Documentation; Security Response Planning; Safety-Critical Systems

Constructing Secured and Safe C/UNIX Programs
  UNIX and Linux History; UNIX and Linux Security; Privileges in UNIX; Secure Network Programming; UNIX Virtualization; UNIX Security Logging; C/C++ Language; Common Security Problems with C/C++; Avoiding Security Risks with C/C++ Code; Some Coding Rules

Constructing Secured Systems in .NET
  Overview of .NET 3.0; Common Language Runtime; .NET Runtime Security; .NET Security Architecture; Identity and Principal; Permission; Code Access Security; Role-Based Security; Type Safety and Security; ASP.NET Security; .NET Remoting Security; Windows Security

Networking and Service-Oriented Architecture-Based Security
  Networking and Open Systems Interconnection Model; Transmission Control Protocol/Internet Protocol Primer; Security Using Sockets; Service-Oriented Architecture; Remote Procedure Call; Remote Method Invocation Security; Common Object Request Broker Architecture Security; Securing ActiveX Control; Distributed Component Object Model Security

Java Client-Side Security
  Java Framework; Java Platform Security; The Java Cryptography Application Programming Interface; Java Secure Sockets Extension; Authentication and Access Control; Java Sandbox; Java Applets Security; Java Swing

Security in Mobile Applications
  Mobile Computing; Networks; Next Generation Networks; Next Generation Network Security; Mobile Applications; Security in Mobile Computing Scenario; Java 2 Micro Edition Security; Java Card and Universal Subscriber Identity Module Security; Wireless Application Protocol Security; Security Implementation in Windows Mobile; Mobile Agents; Mobile Ad Hoc Network Security; Digital Rights Management

Security in Web-Facing Applications
  Overview of Web Security; Identity Management; Public Key Infrastructure; Trust in Service; Emerging Security Technologies; Code Injection; Parameter Tampering; Cross-Site Scripting; File Disclosure; Next Generation Webs; Next Generation Web Security; Secured Web Programming; Application Vulnerability Description Language

Server-Side Java Security
  Server-Side Java; Servlet Security; Securing Java Server Pages; Java Struts Security; Java Server Faces Security; Web Application Development Rules; Securing Enterprise JavaBeans

Constructing Secured Web Services
  Web Services Security; Threat Profile and Risk Analysis; Web Service Security Model; Web Services Security Standards; Servlet Security for Web Services; Secure Sockets Layer Security for Web Services; WS Security with Apache AXIS; XML and XPath Injection Attack Through SOAP-Based Web Services; Federated Identity Management and Web Services Security

Index