What this book covers
Chapter 1, Security Principles and Procedures, lays a foundation of the standard principles and procedures used in secure software development.
Chapter 2, Designing a Secure Functional Model, teaches us how to specify what our software should do and what should be true while the software is executing.
Chapter 3, Designing a Secure Object Model, helps us to identify the objects and structures we will use in our software application.
Chapter 4, Designing a Secure Dynamic Model, helps us think about how the objects in our programs will interact with each other.
Chapter 5, Designing a Secure System Model, explores how we partition our application into subsystems and helps us think about how those partitions can communicate securely.
Chapter 6, Threat Modeling, is where we model the risks to our software and start to think about the mitigations we can deploy to reduce those risks.
Chapter 7, Authentication and Authorization, explores utilizing authentication and authorization to mitigate risks identified in our threat models.
Chapter 8, Input Validation and Sanitization, explores input validation and sanitization to mitigate risks identified in our threat models.
Chapter 9, Standard Web Application Vulnerabilities, discusses the many common vulnerabilities that are found in web applications.
Chapter 10, Database Security, takes a deep dive into databases, the risks that arise when our software interacts with them, and the mitigations we can apply.
Chapter 11, Unit Testing, looks at ensuring our software performs the functions and meets the non-functional requirements we specified earlier in our model at the level of individual units of code.
Chapter 12, Regression Testing, looks at ensuring our software performs the functions and meets the non-functional requirements we specified earlier in our model as code is changed.
Chapter 13, Integration Testing, looks at ensuring our software performs the functions and meets the non-functional requirements we specified earlier in our model as we put the different partitions and subsystems together.
Chapter 14, Penetration Testing, considers how we can discover vulnerabilities that slipped through despite our earlier hard work modeling, planning, and testing.