DocumentCode :
2802789
Title :
Software Security: Building Security In
Author :
McGraw, Gary
Author_Institution :
Cigital, Inc., Dulles, VA
fYear :
2006
fDate :
7-10 Nov. 2006
Firstpage :
6
Lastpage :
6
Abstract :
Summary form only given. Software security has come a long way in the last few years, but we've really only just begun. I will present a detailed approach to getting past theory and putting software security into practice. The three pillars of software security are applied risk management, software security best practices (which I call touchpoints), and knowledge. By describing a manageably small set of touchpoints based around the software artifacts that you already produce, I avoid religious warfare over process and get on with the business of software security. That means you can adopt the touchpoints without radically changing the way you work. The touchpoints I will describe include: code review using static analysis tools; architectural risk analysis; penetration testing; security testing; abuse case development; and security requirements. Like the yin and the yang, software security requires a careful balance (attack and defense, exploiting and designing, breaking and building) bound into a coherent package. Create your own Security Development Lifecycle by enhancing your existing software development lifecycle with the touchpoints.
Keywords :
program diagnostics; program testing; risk analysis; security of data; software architecture; software reliability; abuse case development; architectural risk analysis; penetration testing; risk management; security development lifecycle; security requirements; security testing; software development lifecycle; software security; static analysis; Best practices; Books; Java; National security; Privacy; Risk analysis; Risk management; Software packages; Software testing; Software tools;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Software Reliability Engineering, 2006. ISSRE '06. 17th International Symposium on
Conference_Location :
Raleigh, NC
ISSN :
1071-9458
Print_ISBN :
0-7695-2684-5
Type :
conf
DOI :
10.1109/ISSRE.2006.43
Filename :
4021964