دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Security-Driven Software Development: Learn to analyze and mitigate risks in your software projects
دانلود کتاب توسعه نرم افزار مبتنی بر امنیت: یاد بگیرید که در پروژه های نرم افزاری خود، ریسک ها را تجزیه و تحلیل و کاهش دهید
مشخصات کتاب
Security-Driven Software Development: Learn to analyze and mitigate risks in your software projects
ویرایش:
نویسندگان: Aspen Olmsted
سری:
ISBN (شابک) : 9781835462836
ناشر: Packt Publishing Pvt Ltd
سال نشر: 2024
تعداد صفحات: 0
زبان: English
فرمت فایل : EPUB (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 12 مگابایت
قیمت کتاب (تومان) : 61,000
در صورت تبدیل فایل کتاب Security-Driven Software Development: Learn to analyze and mitigate risks in your software projects به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب توسعه نرم افزار مبتنی بر امنیت: یاد بگیرید که در پروژه های نرم افزاری خود، ریسک ها را تجزیه و تحلیل و کاهش دهید نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی درمورد کتاب به خارجی
فهرست مطالب
Security-Driven Software Development
Contributors
About the author
About the reviewer
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Share your thoughts
Download a free PDF copy of this book
Part 1: Modeling a Secure Application
1
Security Principles
What could go wrong?
Principles
Open Web Application Security Project
NIST’s Secure Software Development Framework
MITRE frameworks
Software development lifecycles
Microsoft’s Security Development Lifecycle
Confidentiality, integrity, and availability
Summary
Self-assessment questions
Answers
2
Designing a Secure Functional Model
Requirements gathering and specification
Non-functional requirements and security
Capturing scenarios
Textual use cases and misuse cases
Graphical use cases and misuse cases
Graphical use case diagram
Graphical misuse case diagram
Example enterprise secure functional model
Purchase of tickets via self-service
Trying to purchase tickets beyond the patron limit
Summary
Self-assessment questions
Answers
3
Designing a Secure Object Model
Identify objects and relationships
Class diagrams
Stereotypes
Invariants
Example of the enterprise secure object model
Summary
Self-assessment questions
Answers
4
Designing a Secure Dynamic Model
Technical requirements
Object behavior
Modeling interactions between objects
UML sequence diagrams
UML activity diagrams
Constraints
Example of the enterprise secure dynamic model
Summary
Self-assessment questions
Answers
5
Designing a Secure System Model
Partitions
Modeling interactions between partitions
UML component diagrams
Patterns
Example – developing an enterprise secure system model
Summary
Self-assessment questions
Answers
6
Threat Modeling
Threat model overview
The STRIDE threat model
The DREAD threat model
Attack trees
Mitigations
Microsoft Threat Modeling Tool
Example of an enterprise threat model
Summary
Self-assessment questions
Answers
Part 2: Mitigating Risks in Implementation
7
Authentication and Authorization
Authentication
Authorization
Security Models
Single sign-on and open authorization
Single sign-on (SSO)
Open authorization (OAuth)
Implementing SSO and OAuth with Google
Example of enterprise implementation
Summary
Self-assessment questions
Answers
8
Input Validation and Sanitization
Input validation
Input sanitization
Language-specific defenses
Buffer overflows
Example of the enterprise input validation and sanitization
Summary
Self-assessment questions
Answers
9
Standard Web Application Vulnerabilities
Injection attacks
Broken authentication and session management
Request forgery
Language-specific defenses
Example of enterprise web defenses
Summary
Self-assessment questions
Answers
10
Database Security
Overview of SQL
SQL injection
Maintaining database correctness
Managing activity concurrency
Language-specific defenses
RBAC security in DBMS
Encryption in DBMS
An example of enterprise DB security
Summary
Self-assessment questions
Answers
Part 3: Security Validation
11
Unit Testing
The principles of unit testing
The advantages of unit testing
Unit testing frameworks
An example of enterprise threat model
PHPUnit
JUnit
PyUnit
Summary
Self-assessment questions
Answers
12
Regression Testing
Regression testing overview
Key concepts
Process
Benefits
Robotic process automation
The intersection of RPA and regression testing
Regression testing tools
Load testing
Integration and complementarity
UI.Vision RPA
Example of the enterprise regression tests
Summary
Self-assessment questions
Answers
13
Integration, System, and Acceptance Testing
Types of integration tests
Mocks
Stubs
Examples of enterprise integration testing
System testing
Acceptance testing
Summary
Self-assessment questions
Answers
14
Software Penetration Testing
Types of tests
Phases
Tools
Information gathering and reconnaissance
Vulnerability analysis and exploitation
Post-exploitation and privilege escalation
Network sniffing
Forensics and monitoring
Reporting and documentation
An example of an enterprise penetration test report
High-level summary
Host analysis
Summary
Self-assessment questions
Answers
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Download a free PDF copy of this book
نظرات کاربران
کتاب های تصادفی
دانلود کتاب Philosophy and International Law: A Critical Introduction (Cambridge Introductions to Philosophy and Law)
دانلود کتاب Making Sense of Agile Project Management: Balancing Control and Agility
دانلود کتاب Adolescence in Urban India: Cultural Construction in a Society in Transition
دانلود کتاب The cost of courage
