Secure Coding: Principles and Practices 2003

 

Saltzer, J.H.   2nd  

Santayana, George  

Schroeder, M. D.  

Schwartz, Alan  

scorecards  

Secure Coding web site   2nd   3rd  

Secure Programming for Linux and Unix HOWTO web site  

Secure Unix Programming FAQ web site  

Secure, Efficient, and Easy C Programming web site  

SecuriTeam  

security

       architecture  

       complexity and  

       deploying multiple layers  

       design   [See security design]

       education and  

       events  

       history of  

       holistic nature of  

       human resources and  

       implementation   [See security implementation]

       importance  

       just enough  

       mental models and  

       metaphors used in design  

       metrics and  

       multilevel  

       off-the-shelf software and  

       operations  

       patches, installing  

       questions to consider  

       resources  

       risk assessment and  

       sound practices  

       standards and  

       testing and automation  

       vulnerability cycle  

       web sites  

Security Adequacy Review (SAR)  

security architecture  

       architectural document  

       common sense and  

       principles of  

Security At a Glance (SAG)  

Security Attribute Evaluation Method (SAEM)  

security design  

       assessing risks  

       bad practices  

       case studies  

       costs versus benefits  

       design flaws  

       evaluating  

       mental model  

       process steps  

       risk mitigation strategy  

       selecting implementation measures  

       settling high-level technical issues  

       special issues  

       why it matters  

security implementation  

       bad practices  

       case studies  

       checklists  

       good practices  

Sendmail   2nd   3rd   4th   5th  

       restricted shell case study  

session

       hijacking  

               attack  

       killing  

               attack  

       tracking  

setuid, avoiding  

Sheinwold, Alfred  

shells

       escapes  

       filtering and  

       restricted  

Shostack, Adam  

Sibert, W. Olin  

simplicity  

Sitaker, Kragen  

smrsh Unix utility  

sniffer attack  

software jail  

Software Operationally Critical Threat, Asset, and Vulnerability Evaluations (OCTAVE) web site  

Soo Hoo, Kevin  

source code  

Spafford, Eugene H.   2nd   3rd   4th   5th   6th   7th   8th   9th   10th   11th  

standard engineering techniques  

standards  

       security and  

state   2nd  

stateless  

static code checkers  

Steidl, Jeff  

Stein, Lincoln D.  

Stephenson, Peter   2nd  

Stewart, John N.  

storing sensitive data  

Strickland, Karl   2nd  

structured development methodology, necessity for  

Sudbury, Andrew W.  

Sun Microsystems  

Swanson, Marianne  

SYN flag  

SYN flood  

       attacks   2nd   3rd   4th   5th   6th   7th   8th   9th   10th   11th   12th   13th   14th   15th   16th   17th   18th   19th   20th   21st  

Systems Security Engineering Capability Maturity Model web site  

 
