Software Security: Building Security In

Index


Safeguards, architectural risk analysis [See also Mitigation strategies.]

Safety property violations

SATAN

SBI386 2nd

SD West

SDL (Secure Development Lifecycle) 2nd

SDLC (Software Development Lifecycle)

Secure Development Lifecycle (SDL) 2nd

Secure Software

SecureUML

Security

     built-in versus bolted on

     defending the perimeter, does not work

     versus software

Security Band-Aid

Security engineering, rise of

Security Features vulnerability kingdom 2nd

Security operations

     constructive/destructive nature

     description

     flyover

     inter-group cooperation. [See Software developers and information security practitioners.]

Security professionals

     abuse case development

     and software developers. [See Software developers and information security practitioners.]

     inter-group communication barriers

     origin of

     risk-based security testing

     team building

Security requirements

     constructive/destructive nature

     description

     flyover

     recommended reading

Security testing. [See Risk-based security testing.]

Security tracker

Setting Manipulation phylum

Seven kingdoms. [See Taxonomy of coding errors, kingdoms.]

Signal Handling Race Conditions phylum

SLA (service level agreement) 2nd

SLAM tool

Smart card, example

Smurfware exercise

SOA (Service Oriented Architecture) 2nd 3rd 4th

SOAP protocol

Sockets phylum

Software

     artifacts. [See Artifacts.]

     process and religion

     testing. [See Penetration testing; Risk-based security testing.]

     vulnerability, cause of problems

Software architect catfights

Software developers and information security practitioners

     abuse cases

     architectural risk analysis

     business risk analysis

     code review 2nd

     deployment and operations

     example

     information security as Boogey man

     inter-group communication barriers

     inter-group cooperation

     penetration testing

     security testing

     "ugly baby" problem

Software security

     academic courses in

     and operations

     best practices. [See Touchpoints.]

     definition 2nd

     enterprise-wide. [See Enterprise software security.]

     multidisciplinary effort

     people

     pillars of 2nd

     potential research areas

     responsibility for

     team building 2nd

     three pillars 2nd

     unique qualities of

     versus application security

     versus software safety

Software Security Manager

Software security people

Software security touchpoints 2nd

Source code

     analysis, tutorial

     analyzers, commercial vendors [See also Fortify Source Code Analysis Suite.]

     lines of

         major operating systems

         normalizing

         relation to vulnerabilities

         Windows

     reviewing. [See Code review, tools.]

     scanners 2nd

Specification checking

Splint tool

SQL injection

SQL Injection phylum

Standards-based architectural risk analysis

Static code analysis

     example

     history

STRIDE 2nd 3rd 4th

     related to attack resistance analysis

String Manipulation phylum

String Termination Error phylum

Struts phylum

Synthesizing and ranking risks, RMF 2nd

System Information Leak phylum

System testing

System.exit() phylum
