Enterprise Software Security: A Confluence of Disciplines

STRENGTHEN SOFTWARE SECURITY BY HELPING DEVELOPERS AND SECURITY EXPERTS WORK TOGETHER

Traditional approaches to securing software are inadequate. The solution: bring software engineering and network security teams together in a new, holistic approach to protecting the entire enterprise. Now, four highly respected security experts explain why this "confluence" is so crucial, and show how to implement it in your organization. Writing for all software and security practitioners and leaders, they show how software can play a vital, active role in protecting your organization. You'll learn how to construct software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response in sophisticated new ways. The authors cover the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. They also provide a full chapter of advice specifically for Chief Information Security Officers and other enterprise security executives.

Whatever your software security responsibilities, "Enterprise Software Security" delivers indispensable big-picture guidance and specific, high-value recommendations you can apply right now.

COVERAGE INCLUDES:
- Overcoming common obstacles to collaboration between developers and IT security professionals
- Helping programmers design, write, deploy, and operate more secure software
- Helping network security engineers use application output more effectively
- Organizing a software security team before you've even created requirements
- Avoiding the unmanageable complexity and inherent flaws of layered security
- Implementing positive software design practices and identifying security defects in existing designs
- Teaming to improve code reviews, clarify attack scenarios associated with vulnerable code, and validate positive compliance
- Moving beyond pentesting toward more comprehensive security testing
- Integrating your new application with your existing security infrastructure
- "Ruggedizing" DevOps by adding infosec to the relationship between development and operations
- Protecting application security during maintenance

322 pages, Kindle Edition

First published March 1, 2013


About the author

Kenneth R. van Wyk


Ratings & Reviews


Community Reviews

5 stars: 1 (20%)
4 stars: 2 (40%)
3 stars: 1 (20%)
2 stars: 0 (0%)
1 star: 1 (20%)
Displaying 1 of 1 review
Christian Oleson, July 29, 2023
I read this book for a masters course as a part of the required reading. I am a software engineer by trade and have many years of experience with software security, specifically having dealt with authentication and authorization systems.

Overall, the book was concise, making it an easy read. It has aged okay, but some aspects of the content do not quite align with current practices. If you have zero understanding of security within software engineering, this is an alright introduction, providing examples of possible attacks, an intro to the OWASP Top 10, and an emphasis that security is a concern of all involved and requires a holistic systems engineering approach. However, the advice isn’t practical if you are a developer wanting to know what a SQL injection or XSS attack looks like within your code. This is more of a benefit to someone who may not necessarily be technically deep, but could manage a few of the confluent groups (senior manager or director?).

I learned some from this book, but not enough for me to recommend it to others.