Software Security: Building Security In

Index

Abstract syntax tree

Abuse cases

     anti-requirements

     attack models

     attack patterns

     attacker motivation

     benefits of

     constructive/destructive nature

     creating

     description

     development team

     example 2nd

     flyover

     history of

     identifying and documenting threats

     overview

     process diagram

     software developers and information security practitioners

     touchpoint process

Academic software security

Access control policies, modeling

Adversarial security testing

Aitel, Dave

ALE (Annualized Loss Expectancy)

Ambiguity analysis, in architectural risk analysis

Anderson, Ross

Anti-requirements

API Abuse vulnerability kingdom

     description

     example

     phyla

APISPY32

Application security

     badness-ometers

     limitations of

     testing tools 2nd

     versus software security

Applied risk management pillar

Arc injection attacks

Architectural risk analysis

     .NET security model overview

     access control policies, modeling

     ad hoc

     assets

     bugs 2nd

     checklists

     commercial

     common themes

     constructive/destructive nature

     countermeasures

     description

     flaws 2nd

     flyover

     forest-level view 2nd

     getting started

     impact

     in the RMF

     knowledge requirements

     major activities

     necessity of

     one page design overview 2nd

     practical applications

     probability

     process diagram

         ambiguity analysis

         attack resistance analysis

         weakness analysis

     risk analysis, definition

     risk calculation

         impact

         modern model

         traditional model

     risk management, definition

     risks

     ROI (return on investment)

     safeguards

     software developers and information security practitioners

     standards-based

     STRIDE

     terminology

     threat modeling versus risk analysis

     threats

     touchpoint process

         ad hoc approach

         ambiguity analysis

         attack resistance analysis

         critical steps

         examples of flaws 2nd 3rd

         exploit graphs

         process diagram

         weakness analysis

     vulnerabilities

Arciniegas, Fabio

Arkin, Brad

Array out of bounds 2nd

Articles. [See Bibliography]

Artifacts, software 2nd 3rd

ASP.NET Misconfiguration phylum

ASSET

Assets, definition

Assume nothing

AST. [See Abstract syntax tree]

Attack classes

Attack models

Attack patterns

     knowledge catalog 2nd

     list of

     taxonomy of

Attack resistance analysis, in architectural risk analysis

Attacker motivation

Attackers' tools 2nd

     APISPY32

     breakpoint setters

     control flow

     coverage

     decompilers

     disassemblers

     fault injectors

     rootkits

     shell code

Auditing open source applications, tutorial

Authentication phylum 2nd

Automation

     Cigital Workbench

     risk-based security testing
