Secure and resilient software development pdf
Secure and Resilient Software Development - CRC Press Book
Most application security books fall into two categories: business-oriented and vague, or ridiculously super technical. Mark and Laksh draw on their extensive experience to bridge this gap effectively. The book consistently links important technical concepts back to the business reasons for application security, with interesting stories about real companies dealing with application security issues.

Mark S. Mark has over 35 years of experience in information technology in a variety of roles, including applications development, systems analysis and design, security engineer, and security manager.
Secure and Resilient Software: Requirements, Test Cases, and Testing Methods provides a comprehensive set of requirements for secure and resilient software development and operation. It supplies documented test cases for those requirements as well as best practices for testing nonfunctional requirements for improved information assurance. This resource-rich book includes:

- Pre-developed nonfunctional requirements that can be reused for any software development project
- Documented test cases that go along with the requirements and can be used to develop a Test Plan for the software
- Testing methods that can be applied to the test cases provided
- A CD with all security requirements and test cases as well as MS Word versions of the checklists, requirements, and test cases covered in the book

Offering ground-level, already-developed software nonfunctional requirements and corresponding test cases and methods, this book will help to ensure that your software meets its nonfunctional requirements for security and resilience. The accompanying CD filled with helpful checklists and reusable documentation provides you with the tools needed to integrate security into the requirements analysis, design, and testing phases of your software development lifecycle.

Some Praise for the Book: This book pulls together the state of the art in thinking about this important issue in a holistic way with several examples.
It is imperative to notify developers about potential security issues as early as possible. It does that by automatically hooking into the GitHub Pull Request (PR) process and posting PR comments with not only the details about the identified security vulnerabilities but also remediation advice, so that developers have actionable guidance to fix those security issues. The recording of the talk is here:

The idea for the talk stemmed from the ton of follow-up questions focused on one area from my RSA talk last year: automating generation of "security stories" and making them equal citizens to "user stories". It was a great experience overall, coupled with interesting hallway conversations with other AppSec practitioners trying to get upfront security requirements into the hands of their developers. Here is the video on YouTube:

RSA Conference
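The PR-hook mechanism described above, as an added example that is not the talk's tool or the book's code: constructed scanner findings are turned into a GitHub pull-request review whose inline comments carry both the finding and remediation advice, and the review blocks the merge when a high-severity issue is present. The finding format, rule ids and remediation text are invented for this example; the review endpoint is the real GitHub REST API.

```python
"""Turn SAST findings into a GitHub pull-request review with remediation advice.
Hypothetical example: the finding format and rule ids are constructed, not a real tool's."""
import json
import os
import urllib.request

# Remediation text keyed by (constructed) rule id; a real tool would ship its own.
REMEDIATION = {
    "sqli-string-format": "Use a parameterised query (cursor.execute(sql, params)) instead of string formatting.",
    "hardcoded-secret": "Move the secret to a vault or environment variable and rotate the exposed value.",
    "weak-hash-md5": "Use a password hash designed for the purpose (e.g. bcrypt or argon2) instead of MD5.",
}
BLOCKING = {"critical", "high"}  # severities that should stop the merge

# Constructed scanner output for one PR, in the shape this example expects.
SAMPLE_FINDINGS = [
    {"path": "app/db.py", "line": 42, "rule_id": "sqli-string-format", "severity": "high",
     "message": "SQL query built with f-string from request data"},
    {"path": "app/auth.py", "line": 17, "rule_id": "weak-hash-md5", "severity": "medium",
     "message": "MD5 used to hash a password"},
]

def comment_body(f):
    """One Markdown comment: what was found, how severe it is, how to fix it."""
    advice = REMEDIATION.get(f["rule_id"], "No remediation guidance available for this rule; ask AppSec.")
    return f"**{f['severity'].upper()}** `{f['rule_id']}`: {f['message']}\n\n**Remediation:** {advice}"

def build_review(findings, commit_id):
    """Payload for POST /repos/{owner}/{repo}/pulls/{n}/reviews (GitHub REST API)."""
    comments = [{"path": f["path"], "line": f["line"], "side": "RIGHT", "body": comment_body(f)}
                for f in findings]
    blocking = any(f["severity"] in BLOCKING for f in findings)
    return {
        "commit_id": commit_id,
        "event": "REQUEST_CHANGES" if blocking else "COMMENT",
        "body": f"Security scan: {len(findings)} finding(s), {'merge blocked' if blocking else 'advisory only'}.",
        "comments": comments,
    }

def post_review(owner, repo, pr_number, payload, token):
    """Submit the review; the token needs pull-request write access on the repo."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}/pulls/{pr_number}/reviews",
        data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    review = build_review(SAMPLE_FINDINGS, "0123abc")  # placeholder commit SHA
    print(json.dumps(review, indent=2))
    if os.environ.get("GITHUB_TOKEN"):  # only contacts GitHub when a token is supplied
        post_review("example-org", "example-repo", 1, review, os.environ["GITHUB_TOKEN"])
```

GitHub only accepts inline comments on lines that are part of the PR diff, so findings outside the changed hunks should be summarised in the review body instead.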