You're reading from Security-Driven Software Development

Product type Book

Published in Mar 2024

Publisher Packt

ISBN-13 9781835462836

Pages 262 pages

Edition 1st Edition

Languages

Concepts

Application Development

Author (1):

Aspen Olmsted

Table of Contents (20) Chapters

Preface

1. Part 1: Modeling a Secure Application

2. Chapter 1: Security Principles

3. Chapter 2: Designing a Secure Functional Model

4. Chapter 3: Designing a Secure Object Model

5. Chapter 4: Designing a Secure Dynamic Model

6. Chapter 5: Designing a Secure System Model

7. Chapter 6: Threat Modeling

8. Part 2: Mitigating Risks in Implementation

9. Chapter 7: Authentication and Authorization

10. Chapter 8: Input Validation and Sanitization

11. Chapter 9: Standard Web Application Vulnerabilities

12. Chapter 10: Database Security

13. Part 3: Security Validation

14. Chapter 11: Unit Testing

15. Chapter 12: Regression Testing

16. Chapter 13: Integration, System, and Acceptance Testing

17. Chapter 14: Software Penetration Testing

18. Index

Why subscribe?

19. Other Books You May Enjoy

What this book covers

Chapter 1, Security Principles and Procedures, gives us a foundation of some standard principles and procedures used in secure software development.

Chapter 2, Designing a Secure Functional Model, teaches us how to specify what our software should do and what should be true while the software is executing.

Chapter 3, Designing a Secure Object Model, helps us to identify the objects and structures we will use in our software application.

Chapter 4, Designing a Secure Dynamic Model, helps us think about how the objects in our programs will interact with each other.

Chapter 5, Designing a Secure System Model, explores how we partition our application into subsystems and helps us think about how those partitions can communicate securely.

Chapter 6, Threat Modeling, is where we model the risks to our software and start to think about the mitigations we can deploy to reduce those risks.

Chapter 7, Authentication and Authorization, explores utilizing authentication and authorization to mitigate risks identified in our threat models.

Chapter 8, Input Validation and Sanitization, explores input validation and sanitization to mitigate risks identified in our threat models.

Chapter 9, Standard Web Application Vulnerabilities, discusses the many common vulnerabilities that are found in web applications.

Chapter 10, Database Security, takes a deep dive into databases and the risks and mitigations we can use while our software interacts with the database.

Chapter 11, Unit Testing, looks at ensuring our software performs the functions and meets the non-functional requirements we specified earlier in our model on small unit levels.

Chapter 12, Regression Testing, looks at ensuring our software performs the functions and meets the non-functional requirements we specified earlier in our model as code is changed.

Chapter 13, Integration Testing, looks at ensuring our software performs the functions and meets the non-functional requirements we specified earlier in our model as we put the different partitions and subsystems together.

Chapter 14, Penetration Testing, considers how we can discover vulnerabilities that slipped through despite our earlier hard work modeling, planning, and testing.