This free Computer Ebooks and tutorial download site provides free e-books in Core JAVA, J2EE, Advanced, J2ME, JSP Ebooks and Tutorial, CCIE, CCNA, CCIP, CCNP, CCDP, CCSP Ebooks and Tutorial & Ebook references, Basic Electronics, Computer Hardware, Microprocessor, System programming, Oracle, Mysql, Ms sql, sybase, db2 Ebooks and Tutorial, Networking Ebooks and Tutorials, Data Structure and Algorithms Ebooks and Tutorial, CSS, HTML, Javascript, CGI,cisco,php,SAP.



Saturday, May 24, 2008

Software Security Engineering: A Guide for Project Managers


Software Security Engineering: A Guide for Project Managers


Author: Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and Nancy R. Mead
Paperback: 368 pages
Publisher: Addison-Wesley Professional; 1 edition (May 11, 2008)
Language: English
ISBN-10: 032150917X
ISBN-13: 978-0321509178
Format: chm
Details:
“This book’s broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle.”
–Steve Riley, senior security strategist, Microsoft Corporation
“There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one.”
–Ronda Henning, senior scientist-software/security queen, Harris Corporation
Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.
Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.
This book will help you understand why
Software security is about more than just eliminating vulnerabilities and conducting penetration tests
Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks
Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”–understanding that software security risks will change throughout the SDLC
Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack


BigDownload link :


BigDownload

Digg this

No comments: