Secure, Resilient, and Agile Software Development

A collection of best practices and effective implementation recommendations that are proven to work, Secure, Resilient, and Agile Software Development leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security...

Bibliographic Details
Classification: Electronic book
Main author: Merkow, Mark S.
Format: Electronic eBook
Language: English
Published: Milton : Auerbach Publishers, Incorporated, 2019.
Subjects:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Cover; Half Title; Title Page; Copyright Page; Trademarks Used in This Publication; Contents; Dedication; Preface; About the Author; Chapter 1: Today's Software Development Practices Shatter Old Security Practices; 1.1 Over the Waterfall; 1.2 What Is Agile?; 1.3 Shift Left!; 1.4 Principles First!; 1.5 Summary; References; Chapter 2: Deconstructing Agile and Scrum; 2.1 The Goals of Agile and Scrum; 2.2 Agile/Scrum Terminology; 2.3 Agile/Scrum Roles; 2.4 Unwinding Sprint Loops; 2.5 Development and Operations Teams Get Married; 2.6 Summary; References; Chapter 3: Learning Is FUNdamental!
  • 3.1 Education Provides Context and Context Is Key; 3.2 Principles for Software Security Education; 3.3 Getting People's Attention; 3.4 Awareness versus Education; 3.5 Moving into the Education Phase; 3.6 Strategies for Rolling Out Training; 3.7 Encouraging Training Engagement and Completion; 3.8 Measuring Success; 3.9 Keeping the Drumbeat Alive; 3.10 Create and Mature a Security Champion Network; 3.11 A Checklist for Establishing a Software Security Education, Training, and Awareness Program; 3.12 Summary; References; Chapter 4: Product Backlog Development-Building Security In
  • 4.1 Chapter Overview; 4.2 Functional versus Nonfunctional Requirements; 4.3 Testing NFRs; 4.4 Families of Nonfunctional Requirements; 4.4.1 Availability; 4.5 Capacity; 4.6 Efficiency; 4.7 Interoperability; 4.8 Manageability; 4.8.1 Cohesion; 4.8.2 Coupling; 4.9 Maintainability; 4.10 Performance; 4.11 Portability; 4.12 Privacy; 4.13 Recoverability; 4.14 Reliability; 4.15 Scalability; 4.16 Security; 4.17 Serviceability/Supportability; 4.18 Characteristics of Good Requirements; 4.19 Eliciting Nonfunctional Requirements; 4.20 NFRs as Acceptance Criteria and Definition of Done; 4.21 Summary
  • 5.5.9 Practice 9: Don't Trust Services; 5.5.10 Practice 10: Establish Secure Defaults; 5.6 Mapping Best Practices to Nonfunctional Requirements (NFRs) as Acceptance Criteria; 5.7 Summary; References; Chapter 6: Security in the Design Sprint; 6.1 Chapter Overview; 6.2 Design Phase Recommendations; 6.3 Modeling Misuse Cases; 6.4 Conduct Security Design and Architecture Reviews in Design Sprint; 6.5 Perform Threat and Application Risk Modeling; 6.5.1 Brainstorming Threats; 6.6 Risk Analysis and Assessment; 6.6.1 Damage Potential; 6.6.2 Reproducibility; 6.6.3 Exploitability; 6.6.4 Affected Users