Software Security: Building Security In

Index

Race Condition phylum

Ranking and synthesizing risks, RMF

RATS code scanner

Raw analysis results, tutorial

Readings. [See Bibliography.]

References [See Bibliography.]

Reformed hackers

Regulations, security

Renaissance, computer security

Reports, RMF analysis

Required reading

Resource Injection phylum

Return on investment (ROI) 2nd

Risk analysis

    architectural level. [See Architectural risk analysis.]

     definition

     exercise

     versus threat modeling

Risk calculation

     impact

     modern model

     traditional model

Risk management framework (RMF). [See RMF (risk management framework).]

Risk management. [See also RMF (risk management framework).]

     applied risk management pillar

     definition

     risk-based security testing

Risk-based security testing

     adversarial testing

     and penetration testing

     automation

     conditions tested

     constructive/destructive nature

     description

     example

     eXtreme programming

     firewalls

     flyover

     functional testing

     Inside-out approach

     Java card, example

     malicious input

     methodology 2nd

     multithreading

     outside-in approach

     perimeter defense

     personnel involved

     process overview

     risk management [See also RMF (risk management framework).]

     smart cards, example

     SOAP protocol

     "test-driven" design

     timing

Risks

     analysis report

     architectural risk analysis

     business and technical, identifying 2nd

     data review

     definition

     impacts

     indicators

     likelihood scale

    management framework. [See RMF]

     measuring and reporting

    mitigation strategies

         defining 2nd

         penetration testing

         risks 2nd

         RMF

     questionnaires

     ranking

     severity key

     synthesizing

     synthesizing and ranking 2nd

RMF (risk management framework)

    example

         business goal rankings

         business impact scale

         business peer review

         business risk indicators

         business risks 2nd 3rd

         carrying out fixes and validation

         defining a mitigation strategy

         deliverables

         fixes

         gathering artifacts

         goal-to-risk relationship

         identifying business and technical risks

         likelihood of occurrence

         prioritized business goals

         product risks

         project research

         project risks

         ranking risks

         research and interview data analysis

         risk analysis report

         risk data review

         risk impacts

         risk indicators

         risk likelihood scale

         risk mitigation

         risk questionnaires

         risk severity key

         software artifact analysis

         synthesizing and ranking risks

         target project team

         technical peer review

         technical risks 2nd 3rd 4th

         understanding business context

         validation

     iterative processing

     measuring and reporting risk

     process diagram

    stages of activity

         carrying out fixes and validation 2nd

         defining the risk mitigation strategy 2nd

         identifying business and technical risks 2nd

         synthesizing and ranking risks 2nd

         understanding business context 2nd

ROI (return on investment) 2nd

Rootkits

Rubin, Avi

Rules

     coverage

     example

    Fortify. [See Fortify Source Code Analysis Suite.]

     ITS4. [See also Taxonomy of coding errors, kingdoms.]

         history of

         list of

     knowledge catalog 2nd 3rd

     schema

Rules Builder
