Software Security: Building Security In (Addison-Wesley Software Security Series)
Select Format
Select Condition 
Book Overview
--Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies "McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor "McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."
--Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing. Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work. Inside you'll find detailed explanations of Risk management frameworks and processes Code review using static analysis tools Architectural risk analysis Penetration testing Security testing Abuse case development In addition to the touchpoints, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs. Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.
Related Subjects
Business & Management Certification CompTIA Computer Science Computers Computers & Technology Encryption Internet, Groupware, & Telecommunications Network Security Networking Security & Encryption Software Design & Engineering Software Design, Testing & Engineering Software Development Software EngineeringYou Might Also Enjoy
Customer Reviews
Rated 5 starsRequired residing for all software developers
The root cause of many security vulnerabilities is poorly written software. Often, software applications are written without security in mind. The logical, yet elusive, solution is to ensure that software developers are trained in writing secure code. Software Security: Building Security In is a valiant attempt to show software developers how to do just that. The book is the latest step in Gary McGraw's software security...
0Report
Rated 5 starsA powerful book with deep truths for secure development
I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes...
1Report
Rated 5 starsCritical reading if you're just getting started
When my company began to investigate software security, we all mistakenly assumed it would be possible to just train the developers what mistakes not to make and all would be well with the world. This book was the first step toward fixing that misunderstanding. Dr. McGraw does an excellent job of describing the environment and the practices that are required when implementing secure coding in the lifecycle. But, he's also...
0Report
Rated 5 starsIntegral to your software development process
Software security is a continual process, requiring first an understanding of the issues. To be effective, this understanding and knowledge must then be incorporated into the software development lifecycle including design, coding, testing, and deployment. Several years ago I helped build a security analysis tool for Windows NT, called NtSpectre. We built the tool to analyze the security configuration of servers designed for...
0Report
Rated 5 starsA must-have for anyone building networked systems
On the one hand, it is risky for me to praise this book. I make my living teaching and practicing computer security. If everyone writing software these days were to read this book, I might eventually find myself out of business. Gary McGraw, one of the leading security luminaries int he world, has got it right. Security cannot be added to systems once they are built. It must be designed in from the very beginning. The security...
0Report
Based on Your Recent Browsing
ThriftBooks ® and the ThriftBooks ® logo are registered trademarks of Thrift Books Global, LLC
