Enterprise Software Security: A Confluence of Disciplines (Addison-Wesley Software Security)

Synopses & Reviews

Publisher Comments:

STRENGTHEN SOFTWARE SECURITY BY HELPING DEVELOPERS AND SECURITY EXPERTS WORK TOGETHER

 

Traditional approaches to securing software are inadequate. The solution: Bring software engineering and network security teams together in a new, holistic approach to protecting the entire enterprise. Now, four highly respected security experts explain why this “confluence” is so crucial, and show how to implement it in your organization.

 

Writing for all software and security practitioners and leaders, they show how software can play a vital, active role in protecting your organization. You’ll learn how to construct software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response in sophisticated new ways. The authors cover the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. They also provide a full chapter of advice specifically for Chief Information Security Officers and other enterprise security executives.

Whatever your software security responsibilities, Enterprise Software Security delivers indispensable big-picture guidance and specific, high-value recommendations you can apply right now.

 

COVERAGE INCLUDES:

• Overcoming common obstacles to collaboration between developers and IT security professionals

• Helping programmers design, write, deploy, and operate more secure software

• Helping network security engineers use application output more effectively

• Organizing a software security team before you’ve even created requirements

• Avoiding the unmanageable complexity and inherent flaws of layered security

• Implementing positive software design practices and identifying security defects in existing designs

• Teaming to improve code reviews, clarify attack scenarios associated with vulnerable code, and validate positive compliance

• Moving beyond pentesting toward more comprehensive security testing

• Integrating your new application with your existing security infrastructure

• “Ruggedizing” DevOps by adding infosec to the relationship between development and operations

• Protecting application security during maintenance

Synopsis:

In today's commercial enterprises, information security staffs spend years building walls around their business applications. That's good, but practitioners have known for years that, for a real chance at corporate safety, the enterprise's application programmers must also build security into the business software. That is, application programmers need to build security features into their products and not just avoid writing exploitable code.

 

That current efforts are inadequate is evident from the fact that even the powerful combination of a sound perimeter and front-to-back application security does not suffice against the highly sophisticated attacks launched against today's networks. One surprising reason: there is all too often a cultural and physical separation between the software development staff and the information security staff in large enterprises.

 

Enterprise Software Security bridges that gulf by identifying the issues that distinguish and keep the two groups apart and suggesting practical, actionable guidance of how best to collaboratively address the security needs of the enterprise. This book helps programmers design, write, deploy, and operate better enterprise software applications; and it helps network security engineers make better use of the applications' output. Used correctly, Enterprise Software Security could result in not just better code, but better security applications as well.

 

Enterprise Software Security is unique in that it draws ideas from two distinct disciplines, software engineering and network security, to produce a new, holistic approach to enterprise protection. For example, the authors provide detailed coverage of how software can actively contribute to the intrusion detection and response processes. Drawing on case study files, they show how software should - and can - be made to play a vital active role in protecting an enterprise before, during, and after security incidents. Software can and should take active measures to safeguard customer data, business processes, and other sensitive data within the scope of the application. This is a big-picture book with specific, actionable advice.

About the Author

Kenneth R. van Wyk is a career security guy, having started with Carnegie Mellon University’s CERT/CC in the late 1980s and subsequently worked for the United States Department of Defense and in several senior technologist roles in the commercial sector. He is the co-author of two popular O’Reilly and Associates books on incident response and secure coding. He now owns and runs KRvW Associates, LLC, a software security consulting and training practice in Virginia, USA.

Mark G. Graff is the CISO of NASDAQ OMX. Formerly the chief cybersecurity strategist at Lawrence Livermore National Laboratory, he has appeared as an expert witness on computer security before Congress and analyzed electronic voting machine software security for the state of California. A past chairman of the International Forum of Incident Response and Security Teams (FIRST), Graff has lectured on risk analysis, the future of cyber security, and privacy before the American Academy for the Advancement of Science, the Federal Communications Commission (FCC), the Pentagon, and many U.S. national security facilities and think tanks.

Dan S. Peters has been involved with security for longer than he had first expected when he stumbled into this field out of curiosity while making a good living as a consultant and a commercial software developer. Many security disciplines are exciting to him, but mobile security has been the most intriguing topic as of late. Before working on this book, Dan repeatedly shared his passion for security in conference presentations and numerous publications.

Diana L. Burley, Ph.D., is an award-winning cyber-security workforce expert who has been honored by the U.S. Federal CIO Council and was named the CISSE 2014 Cybersecurity Educator of the Year. As a professor, researcher, and consultant on IT use and workforce development for nearly 20 years, she passionately promotes a holistic view of cyber security to influence education, policy, and practice from her home in the Washington, D.C., region.

Table of Contents

1. Introduction to the problem

2. Security activities throughout a system life cycle

3. Project inception

4. Design activities

5. Implementation activities

6. Testing activities

7. Deployment

8. Operating

9. Maintenance

10. Case studies

Product Details

ISBN:
9780321604118
Authors:
Kenneth R. van Wyk; Mark G. Graff; Dan S. Peters; Diana L. Burley, Ph.D.
Publisher:
Addison-Wesley Professional
Series:
Addison-Wesley Software Security Series
Subjects:
Security - General; Networking - Computer Security; enterprise security; software security; software design; internet security; network security; information security
Edition Description:
Trade paper
Binding:
Trade paper
Publication Date:
2014-12-31
Language:
English
Pages:
320
Dimensions:
9 x 7 x 0.9 in, 531 g

Related Subjects

Children's » General
Computers and Internet » Networking » Computer Security

Enterprise Software Security: A Confluence of Disciplines (Addison-Wesley Software Security) New Trade Paper
0 stars - 0 reviews
$42.95 In Stock
Product details 320 pages Addison-Wesley Professional - English 9780321604118 Reviews:
"Synopsis" by ,

In today's commercial enterprises, information security staffs spend years building walls around their business applications.  That's good, but practitioners have known for years that - for a real chance at corporate safety - the enterprise's application programmers must also build security into the business software. That is, application programmers need to build security features into their products and not just avoid using exploitable code.

 

That current efforts are inadequate is evident by the fact that even the powerful combination of a sound perimeter and front-to-back application security do not suffice against the highly sophisticated attacks launched against today's networks. One surprising reason: there is all too often a cultural and physical separation between the software development staff and the information security staff in large enterprises.

 

Enterprise Software Security bridges that gulf by identifying the issues that distinguish and keep the two groups apart and suggesting practical, actionable guidance of how best to collaboratively address the security needs of the enterprise. This book helps programmers design, write, deploy, and operate better enterprise software applications; and it helps network security engineers make better use of the applications' output. Used correctly, Enterprise Software Security could result in not just better code, but better security applications as well.

 

Enterprise Software Security is unique in that it draws ideas from two distinct disciplines, software engineering and network security, to produce a new, holistic approach to enterprise protection. For example, the authors provide detailed coverage of how software can actively contribute to the intrusion detection and response processes. Drawing on case study files, they show how software should - and can - be made to play a vital active role in protecting an enterprise before, during, and after security incidents. Software can and should take active measures to safeguard customer data, business processes, and other sensitive data within the scope of the application. This is a big-picture book with specific, actionable advice.

spacer
spacer
  • back to top

FOLLOW US ON...

     
Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and gifts — here at Powells.com.