STRENGTHEN SOFTWARE SECURITY BY HELPING DEVELOPERS AND SECURITY EXPERTS WORK TOGETHER

Traditional approaches to securing software are inadequate. The solution: Bring software engineering and network security teams together in a new, holistic approach to protecting the entire enterprise. Now, four highly respected security experts explain why this "confluence" is so crucial, and show how to implement it in your organization. Writing for all software and security practitioners and leaders, they show how software can play a vital, active role in protecting your organization. You'll learn how to construct software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response in sophisticated new ways. The authors cover the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. They also provide a full chapter of advice specifically for Chief Information Security Officers and other enterprise security executives. Whatever your software security responsibilities, Enterprise Software Security delivers indispensable big-picture guidance and specific, high-value recommendations you can apply right now.
COVERAGE INCLUDES:
- Overcoming common obstacles to collaboration between developers and IT security professionals
- Helping programmers design, write, deploy, and operate more secure software
- Helping network security engineers use application output more effectively
- Organizing a software security team before you've even created requirements
- Avoiding the unmanageable complexity and inherent flaws of layered security
- Implementing positive software design practices and identifying security defects in existing designs
- Teaming to improve code reviews, clarify attack scenarios associated with vulnerable code, and validate positive compliance
- Moving beyond pentesting toward more comprehensive security testing
- Integrating your new application with your existing security infrastructure
- "Ruggedizing" DevOps by adding infosec to the relationship between development and operations
- Protecting application security during maintenance

Imagine an authorized user of a credit card processing system that is coopted into working with organized crime to steal customer ... The security folks would thus have the task of monitoring the activity and making security policy enforcement ...
Title: Enterprise Software Security
Author: Kenneth R. van Wyk, Mark G. Graff, Dan S. Peters, Diana L. Burley Ph.D.
Publisher: Addison-Wesley Professional - 2014-12-01