Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World (Developer Best Practices)
STRENGTHEN SOFTWARE SECURITY BY HELPING DEVELOPERS AND SECURITY EXPERTS WORK TOGETHER
Â
Traditional approaches to securing software are inadequate. The solution: Bring software engineering and network security teams together in a new, holistic approach to protecting the entire enterprise. Now, four highly respected security experts explain why this “confluence†is so crucial, and show how to implement it in your organization.
Â
Writing for all software and security practitioners and leaders, they show how software can play a vital, active role in protecting your organization. You’ll learn how to construct software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response in sophisticated new ways. The authors cover the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. They also provide a full chapter of advice specifically for Chief Information Security Officers and other enterprise security executives.
Whatever your software security responsibilities, Enterprise Software Security delivers indispensable big-picture guidance–and specific, high-value recommendations you can apply right now.
Â
COVERAGE INCLUDES:
• Overcoming common obstacles to collaboration between developers and IT security professionals
• Helping programmers design, write, deploy, and operate more secure software
• Helping network security engineers use application output more effectively
• Organizing a software security team before you’ve even created requirements
• Avoiding the unmanageable complexity and inherent flaws of layered security
• Implementing positive software design practices and identifying security defects in existing designs
• Teaming to improve code reviews, clarify attack scenarios associated with vulnerable code, and validate positive compliance
• Moving beyond pentesting toward more comprehensive security testing
• Integrating your new application with your existing security infrastructure
• “Ruggedizing†DevOps by adding infosec to the relationship between development and operations
• Protecting application security during maintenance
Country | USA |
Brand | Addison Wesley |
Manufacturer | AddisonWesley Professional |
Binding | Paperback |
ReleaseDate | 2014-12-17 |
UnitCount | 1 |
EANs | 9780321604118 |