Welcome to UPM Library, Online Public Access Catalogue (OPAC)

Secure software design / Theodor Richardson, PHD., Charles N. Thies.

Material type: Text
Publication details: Burlington, Mass. : Jones & Bartlett Learning, c2013.
Description: xix, 407 pages : illustrations; 24 cm
Content type:
  • Text
Media type:
  • unmediated
Carrier type:
  • volume
ISBN:
  • 9781449626327 (paperback)
DDC classification:
  • 005.8 23
Contents:
Machine generated contents note:
  • ch. 1 Introduction -- 1.1. World Turned Upside Down -- 1.2. Lingo -- 1.3. Usual Suspects -- 1.4. Many Hats of Hackers -- 1.5. Tools of the Trade -- 1.5.1. CIA Triad -- 1.5.2. Cryptography -- 1.5.3. Public Key Cryptography -- 1.5.4. Integrity -- 1.5.5. Availability -- 1.6. Fighting Fire -- 1.6.1. Prevention -- 1.6.2. Avoidance -- 1.6.3. Detection -- 1.6.4. Recovery -- 1.7. Changing the Design -- 1.8. Red vs. Blue -- 1.9. Shape of Things -- 1.10. Chapter Summary -- 1.11. Chapter Exercise -- 1.12. Business Application -- 1.13. Key Concepts and Terms -- 1.14. Assessment -- 1.15. Critical Thinking -- 1.16. Graduate Focus -- 1.17. Bibliography
  • ch. 2 Current and Emerging Threats -- 2.1. Human Factor -- 2.2. Network -- 2.3. Operating System Environment -- 2.4. Data Management -- 2.5. Data-Centric Threats -- 2.6. Chapter Summary -- 2.7. Chapter Exercise -- 2.8. Business Application -- 2.9. Key Concepts and Terms -- 2.10. Assessment -- 2.11. Critical Thinking -- 2.12. Graduate Focus -- 2.13. Bibliography
  • ch. 3 Network Environment -- 3.1. Introducing Eve -- 3.2. Science of Secrecy -- 3.2.1. Cryptography in the Wartime Era -- 3.2.2. National Standard -- 3.2.3. Advent of Public Key Cryptography -- 3.2.4. Quest for Perfect Secrecy -- 3.3. Eve Unleashed -- 3.4. Malicious Modifications and Insidious Insertions -- 3.5. Play It Again, Eve -- 3.6. Eve in the Middle -- 3.7. Making the Connection -- 3.8. Roll Up the Welcome Mat -- 3.9. Why in What and How -- 3.10. Chapter Summary -- 3.11. Chapter Exercise -- 3.12. Business Application -- 3.13. Key Concepts and Terms -- 3.14. Assessment -- 3.15. Critical Thinking -- 3.16. Graduate Focus -- 3.17. Bibliography
  • ch. 4 Operating System Environment -- 4.1. What Is Operating System Security? -- 4.2. Common Operating Systems -- 4.3. Operating System Threats -- 4.4. Operating System Defense Tactics -- 4.4.1. Mac OS X Snow Leopard -- 4.4.2. Linux -- 4.4.3. Windows 7 -- 4.5. Auditing and Monitoring -- 4.6. Backup and Redundancy -- 4.7. Remote Access Security -- 4.8. Virtualization -- 4.9. Chapter Summary -- 4.10. Chapter Exercise -- 4.11. Business Application -- 4.12. Key Concepts and Terms -- 4.13. Assessment -- 4.14. Critical Thinking -- 4.15. Graduate Focus -- 4.16. Bibliography
  • ch. 5 Database Environment -- 5.1. Database Fundamentals -- 5.2. Conceptual Design -- 5.3. Logical Design -- 5.3.1. Database Normalization -- 5.3.2. First Normal Form -- 5.3.3. Second Normal Form -- 5.3.4. Third Normal Form -- 5.4. Physical Design -- 5.4.1. Introduction to SQL -- 5.4.2. Using the CREATE TABLE Command to Develop a New Table -- 5.4.3. Modifying a Table -- 5.5. User Interface -- 5.6. Web Applications and the Internet -- 5.7. Chapter Summary -- 5.8. Chapter Exercise -- 5.9. Business Application -- 5.10. Key Concepts and Terms -- 5.11. Assessment -- 5.12. Critical Thinking -- 5.13. Graduate Focus -- 5.14. Bibliography
  • ch. 6 Programming Languages -- 6.1. Language Barriers -- 6.2. Buffer Bashing -- 6.3. Good Input -- 6.4. Good Output -- 6.5. Inherent Inheritance and Overdoing Overloads -- 6.6. Threatdown -- 6.7. Deployment Issues -- 6.8. Chapter Summary -- 6.9. Chapter Exercise -- 6.10. Business Application -- 6.11. Key Concepts and Terms -- 6.12. Assessment -- 6.13. Critical Thinking -- 6.14. Graduate Focus -- 6.15. Bibliography
  • ch. 7 Security Requirements Planning -- 7.1. You, Me, and the SDLC -- 7.2. Establishing Stakeholders -- 7.3. Gathering Requirements -- 7.4. Functional and Nonfunctional Security -- 7.5. Establishing Scope -- 7.6. Chapter Summary -- 7.7. Chapter Exercise -- 7.8. Business Application -- 7.9. Key Concepts and Terms -- 7.10. Assessment -- 7.11. Critical Thinking -- 7.12. Graduate Focus -- 7.13. Bibliography
  • ch. 8 Vulnerability Mapping -- 8.1. Use Case Construction and Extension -- 8.2. Managing Misuse -- 8.3. Off the Map -- 8.4. Sequence Diagrams and Class Analysis -- 8.5. Data Planning -- 8.6. Knowing Your Boundaries -- 8.7. Examining Communication, Activity, and State Diagrams -- 8.8. Vulnerability Mapping -- 8.9. Complete Business System Specifications -- 8.10. Chapter Summary -- 8.11. Chapter Exercise -- 8.12. Business Application -- 8.13. Key Concepts and Terms -- 8.14. Assessment -- 8.15. Critical Thinking -- 8.16. Graduate Focus -- 8.17. Bibliography
  • ch. 9 Development and Implementation -- 9.1. Architecture Decision -- 9.1.1. Monolithic -- 9.1.2. 2-Tier -- 9.1.3. 3-Tier -- 9.1.4. N-Tier -- 9.1.5. Distributed Computing -- 9.2. Software Sources -- 9.3. Watch Your Language -- 9.4. Class Security Analysis -- 9.5. Procedural Security -- 9.6. Modular Mayhem -- 9.7. Life of Data -- 9.8. Attack Surface Reduction -- 9.9. Document, Document, Document -- 9.10. Chapter Summary -- 9.11. Chapter Exercise -- 9.12. Business Application -- 9.13. Key Concepts and Terms -- 9.14. Assessment -- 9.15. Critical Thinking -- 9.16. Graduate Focus -- 9.17. Bibliography
  • ch. 10 Application Review and Testing -- 10.1. Static Analysis -- 10.2. Dynamic Analysis -- 10.3. Casing the Joint -- 10.4. Takedown -- 10.5. Never Stop at One -- 10.6. Hardening the System -- 10.7. Chapter Summary -- 10.8. Chapter Exercise -- 10.9. Business Application -- 10.10. Key Concepts and Terms -- 10.11. Assessment -- 10.12. Critical Thinking -- 10.13. Graduate Focus -- 10.14. Bibliography
  • ch. 11 Incorporating SSD with the SDLC -- 11.1. Incident Response Plan -- 11.2. Final Security Review -- 11.3. Into the Wild -- 11.4. Review and React -- 11.4.1. Evolving Attacks -- 11.4.2. Periodic Review and Archiving -- 11.4.3. Secure System Retirement -- 11.5. Culture of Security -- 11.6. Integration Tools -- 11.7. Chapter Summary -- 11.8. Chapter Exercise -- 11.9. Business Application -- 11.10. Key Concepts and Terms -- 11.11. Assessment -- 11.12. Critical Thinking -- 11.13. Graduate Focus -- 11.14. Bibliography
  • ch. 12 Personnel Training -- 12.1. Information Security Audience -- 12.2. Organization's Culture in the Web 2.0 Era -- 12.3. Information Assurance Curriculum Content -- 12.4. Security Training Delivery Methods -- 12.5. Implementing a Training Solution -- 12.5.1. Step 1: Identify the Program Scope, Goals, and Objectives -- 12.5.2. Step 2: Identify Training Staff -- 12.5.3. Step 3: Identify Target Audience -- 12.5.4. Step 4: Motivate Management and Employees -- 12.5.5. Step 5: Administer the Program -- 12.5.6. Step 6: Maintain the Program -- 12.5.7. Step 7: Evaluate the Program -- 12.6. Enforcing Computer Policy and Computer Crime Investigations -- 12.7. Chapter Summary -- 12.8. Chapter Exercise -- 12.9. Business Application -- 12.10. Key Concepts and Terms -- 12.11. Assessment -- 12.12. Critical Thinking -- 12.13. Graduate Focus -- 12.14. Bibliography
  • ch. 13 Culture of Security -- 13.1. Confidentiality, Integrity, and Availability -- 13.2. Driving the Development Process with Consistency -- 13.3. Secure Software Design-Legal Environment -- 13.4. Security Policy in the Organization -- 13.5. Enforcing Security Policy -- 13.6. Chapter Summary -- 13.7. Chapter Exercise -- 13.8. Business Application -- 13.9. Key Concepts and Terms -- 13.10. Assessment -- 13.11. Critical Thinking -- 13.12. Graduate Focus -- 13.13. Bibliography
  • ch. 14 Web Application Threats -- 14.1. Client at Risk -- 14.2. Biggest Threats to Web Applications -- 14.3. JavaScript and AJAX -- 14.4. Adobe Flash -- 14.5. ActiveX -- 14.6. Simplify, Restrict, and Scrub -- 14.7. Chapter Summary -- 14.8. Chapter Exercise -- 14.9. Business Application -- 14.10. Key Concepts and Terms -- 14.11. Assessment -- 14.12. Critical Thinking -- 14.13. Graduate Focus -- 14.14. Bibliography
  • ch. 15 Secure Data Management -- 15.1. Modern Threats to Database Security -- 15.2. Managing Roles and Access -- 15.2.1. Removing a User from the Database -- 15.2.2. Authentication -- 15.2.3. Encryption -- 15.2.4. Database Views -- 15.3. Database Auditing -- 15.4. Database Backup and Recovery Strategy -- 15.5. Data in the Cloud Environment -- 15.6. Chapter Summary -- 15.7. Chapter Exercise -- 15.8. Business Application -- 15.9. Key Concepts and Terms -- 15.10. Assessment -- 15.11. Critical Thinking -- 15.12. Graduate Focus -- 15.13. Bibliography
  • ch. 16 Zero Day and Beyond -- 16.1. Prediction Through Penetration Testing -- 16.2. Insider Threat and Beyond -- 16.3. Mitigation to Defend Against the Unknown -- 16.4. Organization Incident Response -- 16.5. Business Continuity Plan -- 16.6. Becoming and Staying Proactive -- 16.7. Chapter Summary -- 16.8. Chapter Exercise -- 16.9. Business Application -- 16.10. Key Concepts and Terms -- 16.11. Assessment -- 16.12. Critical Thinking -- 16.13. Graduate Focus -- 16.14. Bibliography.
Holdings
Item type | Current library | Collection | Call number | Copy number | Status | Date due | Barcode
Text Books | UPM Female Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.1 | Available | | BC0000001508
Text Books | UPM Female Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.2 | Available | | BC0000002092
Text Books | UPM Female Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.3 | Available | | BC0000002093
Text Books | UPM Female Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.4 | Available | | BC0000002094
Text Books | UPM Female Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.8 | Available | | BC0000002489
Text Books | UPM Female Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.9 | Available | | BC0000002490
Text Books | UPM Female Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.10 | Available | | BC0000002491
Books | UPM Male Campus Library STACKS | Computer and Cyber Sciences | 005.8 RTS | C.2 | Available | | BC0000001509
Text Books | UPM Male Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.5 | Available | | BC0000002095
Text Books | UPM Male Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.6 | Available | | BC0000002096
Text Books | UPM Male Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.7 | Available | | BC0000002091
Text Books | UPM Male Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.11 | Available | | BC0000002492
Text Books | UPM Male Campus Library FR | Computer and Cyber Sciences | 005.8 RTS | C.12 | Available | | BC0000002493

Includes bibliographical references and index.

