Software Security: Building Security In

Index


Eau Claire tool

Electronic voting security

Empty Catch Block phylum

Empty Password in Configuration File phylum

Encapsulation vulnerability kingdom 2nd

Engineer gone bad

Enterprise information architecture

Enterprise software security

     basic steps

     business climate

     champions, for best practices 2nd

     change maturity path 2nd

     common pitfalls

     continuous improvement

     COTS (commercial off-the-shelf software)

     cultural change 2nd

     enterprise information architecture

     existing applications

     general framework

     improvement program

     lack of high-level commitment

     management without measurement

     metrics program

     over-reliance on late-lifecycle testing

     SDL (Secure Development Lifecycle) 2nd

     training without assessment

Environment vulnerability kingdom 2nd

Erroneous validate() Method phylum

Error detection

Error Handling vulnerability kingdom 2nd

ESP tool

Examples

     abuse cases 2nd

     Adobe Reader

     Diebold voting machines

     flaws found in architectural risk analysis 2nd 3rd

     Java card

     KillerAppCo's iWare. [See RMF (risk management framework), example.]

     malicious PDFs

     password security

     penetration testing 2nd

     risk-based security testing

     smart cards

     Smurfware exercise

     software developers and information security practitioners

Exception Handling phylum

Exploits

     graphs

     knowledge catalog 2nd

Extensibility, trinity of trouble

External analysis, description 2nd

eXtreme programming
