Synopses & Reviews
"When it comes to software security, the devil is in the details. This book tackles the details."
--Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies
"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor
"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."
--Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security
Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.
Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work. Inside you'll find detailed explanations of
- Risk management frameworks and processes
- Code review using static analysis tools
- Architectural risk analysis
- Penetration testing
- Security testing
- Abuse case development
In addition to the touchpoints, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs. Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.
Review
"Overall, I rekon this was the best new security book I've seen this year. It certainly made me think more than any other security book I've read recently. I'd consider it a must-buy for the serious practitioner."--Ross Anderson, Professor of Security Engineering, University of Cambridge Computer Laboratory
Synopsis
"When it comes to software security, the devil is in the details. This book tackles the details." --Bruce Schneier, CTO and founder, Counterpane, and author of
Beyond Fear and
Secrets and Lies
"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle." --Howard A. Schmidt, Former White House Cyber Security Advisor
"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall." --Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of
Firewalls and Internet Security
Beginning where the best-selling book
Building Secure Software left off,
Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.
Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work. Inside you'll find detailed explanations of
- Risk management frameworks and processes
- Code review using static analysis tools
- Architectural risk analysis
- Penetration testing
- Security testing
- Abuse case development
In addition to the touchpoints,
Software Security covers knowledge management, training and awareness, and enterprise-level software security programs. Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.
Synopsis
What is it about software that makes security such a problem? If you want to build secure software, how do you do it? These questions and the perseverance of three of the world's leading security experts, Gary McGraw, John Viega, and Greg Hoglund, led to the three books contained in this package.
Building Secure Software: How to Avoid Security Problems the Right Way, the white hat book, seems to have touched off a revolution. Security people who once relied solely on firewalls, intrusion detection, and anti-virus mechanisms came to understand and embrace the necessity of better software. This book provides a coherent and sensible philosophical foundation for the blossoming field of software security.
Exploiting Software: How to Break Code, the black hat book, provides a much needed balance, teaching how to break software and how malicious hackers write exploits. This book is meant as a reality check for software security, ensuring that the good guys address real attacks and invent and peddle solutions that actually work. Exploiting Software and Building Secure Software are in some senses mirror images.
Software Security: Building Security In unifies the two sides of software security--attack and defense, exploiting and designing, breaking and building--into a coherent whole. Like the yin and the yang, software security requires a careful balance.
About the Author
Gary McGraw, Cigital's CTO, is a leading authority on software security. Dr. McGraw is coauthor of the groundbreaking books
Building Secure Software and
Exploiting Software (both from Addison-Wesley). While consulting for major software producers and consumers, he has published over ninety peer-reviewed technical publications, and functions as principal investigator on grants from DARPA, the National Science Foundation, and NIST's Advanced Technology Program. He serves on the advisory boards of Authentica, Counterpane, and Fortify Software. He is also an advisor to the computer science departments at University of California, Davis, and the University of Virginia, as well as the School of Informatics at Indiana University.
John Viega is the CTO of Secure Software Solutions (www.securesw.com) and a noted expert in the area of software security. He is responsible for numerous tools in this area, including code scanners (ITS4 and RATS), random number suites (EGADS), automated repair tools, and secure programming libraries. He is also the original author of Mailman, the GNU mailing list manager.
Greg Hoglund has been a pioneer in the area of software security. He is CEO of HBGary, Inc., a leading provider of software security verification services. After writing one of the first network vulnerability scanners (installed in over half of all Fortune 500 companies), he created and documented the first Windows NT-based rootkit, founding rootkit.com in the process. Greg is a frequent speaker at Black Hat, RSA, and other security conferences.
Table of Contents
Foreword xix
Preface xxiii
Acknowledgments xxxi
About the Author xxxv
Part I: Software Security Fundamentals 1
Chapter 1: Defining a Discipline 3
The Security Problem 4
Security Problems in Software 14
Solving the Problem: The Three Pillars of Software Security 25
The Rise of Security Engineering 37
Chapter 2: A Risk Management Framework 39
Putting Risk Management into Practice 40
How to Use This Chapter 41
The Five Stages of Activity 42
The RMF Is a Multilevel Loop 46
Applying the RMF: KillerAppCo's iWare 1.0 Server 48
The Importance of Measurement 73
The Cigital Workbench 76
Risk Management Is a Framework for Software Security 79
Part II: Seven Touchpoints for Software Security 81
Chapter 3: Introduction to Software Security Touchpoints 83
Flyover: Seven Terrific Touchpoints 86
Black and White: Two Threads Inextricably Intertwined 89
Moving Left 91
Touchpoints as Best Practices 94
Who Should Do Software Security? 96
Software Security Is a Multidisciplinary Effort 100
Touchpoints to Success 103
Chapter 4: Code Review with a Tool 105
Catching Implementation Bugs Early (with a Tool) 106
Aim for Good, Not Perfect 108
Ancient History 109
Approaches to Static Analysis 110
Tools from Researchland 114
Commercial Tool Vendors 123
Touchpoint Process: Code Review 135
Use a Tool to Find Security Bugs 137
Chapter 5: Architectural Risk Analysis 139
Common Themes among Security Risk Analysis Approaches 140
Traditional Risk Analysis Terminology 144
Knowledge Requirement 147
The Necessity of a Forest-Level View 148
A Traditional Example of a Risk Calculation 152
Limitations of Traditional Approaches 153
Modern Risk Analysis 154
Touchpoint Process: Architectural Risk Analysis 161
Getting Started with Risk Analysis 169
Architectural Risk Analysis Is a Necessity 170
Chapter 6: Software Penetration Testing 171
Penetration Testing Today 173
Software Penetration Testing--a Better Approach 178
Incorporating Findings Back into Development 183
Using Penetration Tests to Assess the Application Landscape 184
Proper Penetration Testing Is Good 185
Chapter 7: Risk-Based Security Testing 187
What's So Different about Security? 191
Risk Management and Security Testing 192
How to Approach Security Testing 193
Thinking about (Malicious) Input 201
Getting Over Input 203
Leapfrogging the Penetration Test 204
Chapter 8: Abuse Cases 205
Security Is Not a Set of Features 209
What You Can't Do 210
Creating Useful Abuse Cases 211
Touchpoint Process: Abuse Case Development 213
An Abuse Case Example 217
Abuse Cases Are Useful 222
Chapter 9: Software Security Meets Security Operations 223
Don't Stand So Close to Me 224
Kumbaya (for Software Security) 225
Come Together (Right Now) 232
Future's So Bright, I Gotta Wear Shades 235
Part III: Software Security Grows Up 237
Chapter 10: An Enterprise Software Security Program 239
The Business Climate 240
Building Blocks of Change 242
Building an Improvement Program 246
Establishing a Metrics Program 247
Continuous Improvement 250
What about COTS (and Existing Software Applications)? 251
Adopting a Secure Development Lifecycle 256
Chapter 11: Knowledge for Software Security 259
Experience, Expertise, and Security 261
Security Knowledge: A Unified View 262
Security Knowledge and the Touchpoints 268
The Department of Homeland Security Build Security In Portal 269
Knowledge Management Is Ongoing 274
Software Security Now 275
Chapter 12: A Taxonomy of Coding Errors 277
On Simplicity: Seven Plus or Minus Two 279
The Phyla 282
A Complete Example 290
Lists, Piles, and Collections 292
Go Forth (with the Taxonomy) and Prosper 297
Chapter 13: Annotated Bibliography and References 299
Annotated Bibliography: An Emerging Literature 299
Software Security Puzzle Pieces 318
Appendices 321
Appendix A: Fortify Source Code Analysis Suite Tutorial 323
1. Introducing the Audit Workbench 324
2. Auditing Source Code Manually 326
3. Ensuring a Working Build Environment 328
4. Running the Source Code Analysis Engine 329
5. Exploring the Basic SCA Engine Command Line Arguments 332
6. Understanding Raw Analysis Results 333
7. Integrating with an Automated Build Process 335
8. Using the Audit Workbench 339
9. Auditing Open Source Applications 342
Appendix B: ITS4 Rules 345
Appendix C: An Exercise in Risk Analysis: Smurfware 385
SmurfWare SmurfScanner Risk Assessment Case Study 385
SmurfWare SmurfScanner Design for Security 390
Appendix D: Glossary 393
Index 395