Table of Contents
- Foreword
- Preface
- Acknowledgments
- About the Author
Part I: Software Security Fundamentals
Defining a Discipline
- The Security Problem
- The Trinity of Trouble: Why the Problem Is Growing
- Basic Science
- Security Problems in Software
- Bugs and Flaws and Defects, Oh My!
- The Range of Defects
- The Problem with Application Security
- Software Security and Operations
- Solving the Problem: The Three Pillars of Software Security
- Pillar I: Applied Risk Management
- Pillar II: Software Security Touchpoints
- Pillar III: Knowledge
- The Rise of Security Engineering
- Software Security Is Everyone's Job
A Risk Management Framework
- Putting Risk Management into Practice
- How to Use This Chapter
- The Five Stages of Activity
- Stage 1: Understand the Business Context
- Stage 2: Identify the Business and Technical Risks
- Stage 3: Synthesize and Rank the Risks
- Stage 4: Define the Risk Mitigation Strategy
- Stage 5: Carry Out Fixes and Validate
- Measuring and Reporting on Risk
- The RMF Is a Multilevel Loop
- Applying the RMF: KillerAppCo's iWare 1.0 Server
- Understanding the Business Context
- Identifying the Business and Technical Risks
- Synthesizing and Ranking the Risks
- Defining the Risk Mitigation Strategy
- Carrying Out Fixes and Validating
- The Importance of Measurement
- Measuring Return
- Measurement and Metrics in the RMF
- The Cigital Workbench
- Risk Management Is a Framework for Software Security
Part II: Seven Touchpoints for Software Security
Introduction to Software Security Touchpoints
- Flyover: Seven Terrific Touchpoints
- 1. Code Review (Tools)
- 2. Architectural Risk Analysis
- 3. Penetration Testing
- 4. Risk-Based Security Testing
- 5. Abuse Cases
- 6. Security Requirements
- 7. Security Operations
- *. External Analysis
- Why Only Seven?
- Black and White: Two Threads Inextricably Intertwined
- Moving Left
- Touchpoints as Best Practices
- Who Should Do Software Security?
- Building a Software Security Group
- Software Security Is a Multidisciplinary Effort
- Touchpoints to Success
Code Review with a Tool
- Catching Implementation Bugs Early (with a Tool)
- Aim for Good, Not Perfect
- Ancient History
- Approaches to Static Analysis
- The History of Rule Coverage
- Modern Rules
- Tools from Researchland
- Commercial Tool Vendors
- Commercial Source Code Analyzers
- Key Characteristics of a Tool
- Three Characteristics to Avoid
- The Fortify Source Code Analysis Suite
- The Fortify Knowledge Base
- Using Fortify
- Touchpoint Process: Code Review
- Use a Tool to Find Security Bugs
Architectural Risk Analysis
- Common Themes among Security Risk Analysis Approaches
- Traditional Risk Analysis Terminology
- Knowledge Requirement
- The Necessity of a Forest-Level View
- A Traditional Example of a Risk Calculation
- Limitations of Traditional Approaches
- Modern Risk Analysis
- Security Requirements
- A Basic Risk Analysis Approach
- Touchpoint Process: Architectural Risk Analysis
- Attack Resistance Analysis
- Ambiguity Analysis
- Weakness Analysis
- Getting Started with Risk Analysis
Software Penetration Testing
- Penetration Testing Today
- Software Penetration Testing—a Better Approach
- Make Use of Tools
- Test More Than Once
- Incorporating Findings Back into Development
- Using Penetration Tests to Assess the Application
- Landscape
- Proper Penetration Testing Is Good
Risk-Based Security Testing
- What's So Different about Security?
- Risk Management and Security Testing
- How to Approach Security Testing
- Who
- How
- Thinking about (Malicious) Input
- Getting Over Input
- Leapfrogging the Penetration Test
Abuse Cases
- Security Is Not a Set of Features
- What You Can't Do
- Creating Useful Abuse Cases
- But No One Would Ever Do That!
- Touchpoint Process: Abuse Case Development
- Creating Anti-Requirements
- Creating an Attack Model
- An Abuse Case Example
- Abuse Cases Are Useful
Software Security Meets Security Operations
- Don't Stand So Close to Me
- Kumbaya (for Software Security)
- Come Together (Right Now)
- Future's So Bright, I Gotta Wear Shades
Part III: Software Security Grows Up
An Enterprise Software Security Program
- The Business Climate
- Building Blocks of Change
- Building an Improvement Program
- Establishing a Metrics Program
- A Three-Step Enterprise Rollout
- Continuous Improvement
- What about COTS (and Existing Software Applications)?
- An Enterprise Information Architecture
- Adopting a Secure Development Lifecycle
Knowledge for Software Security
- Experience, Expertise, and Security
- Security Knowledge: A Unified View
- Security Knowledge and the Touchpoints
- The Department of Homeland Security Build Security In Portal
- Knowledge Management Is Ongoing
- Software Security Now
A Taxonomy of Coding Errors
- On Simplicity: Seven Plus or Minus Two
- Input Validation and Representation
- API Abuse
- Security Features
- Time and State
- Error Handling
- Code Quality
- Encapsulation
- Environment
- The Phyla
- More Phyla Needed
- A Complete Example
- Lists, Piles, and Collections
- Nineteen Sins Meet Seven Kingdoms
- Seven Kingdoms and the OWASP Ten
- Go Forth (with the Taxonomy) and Prosper
Annotated Bibliography and References
- Annotated Bibliography: An Emerging Literature
- Required Reading: The Top Five
- References Cited in Software Security: Building Security In
- Government and Standards Publications Cited
- Other Important References
- Software Security Puzzle Pieces
- Basic Science: Open Research Areas
Appendices
Fortify Source Code Analysis Suite Tutorial
- Introducing the Audit Workbench
- Auditing Source Code Manually
- Ensuring a Working Build Environment
- Running the Source Code Analysis Engine
- Exploring the Basic SCA Engine Command Line Arguments
- Understanding Raw Analysis Results
- Integrating with an Automated Build Process
- Using the Audit Workbench
- Auditing Open Source Applications
ITS4 Rules
An Exercise in Risk Analysis: Smurfware
- SmurfWare SmurfScanner Risk Assessment Case Study
- SmurfWare SmurfScanner Design for Security
Glossary
Index
Copyright © 2006, Gary McGraw
