From Barnes & Noble
The Barnes & Noble Review
It’s not enough to “bolt on” software security: You need to build it right into your software’s DNA. Gary McGraw has written powerfully about this before; now he shows developers, architects, and managers exactly how to do it.
You’ve already been told to systematically assess risks to your software: McGraw shows how. Next, he details seven crucial “touchpoints”: lightweight security best practices that’ll work with virtually any methodology.
You’ll walk through code review, architectural risk analysis, and both penetration and “risk-based” security testing. You’ll build “abuse cases” (“use cases” from the hacker’s perspective). You’ll learn better ways to identify and maintain security requirements. You’ll even learn how to refine your development processes based on what your network security people are seeing. If you’ve been looking for a comprehensive, practical approach to developing secure software, this is it.
Bill Camarda, from the March 2006 Read Only