Enterprise Software Security: A Confluence of Disciplines (Paperback)

Kenneth R. van Wyk, Mark G. Graff, Dan S. Peters, Diana L. Burley Ph.D.

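  • Publisher: Addison Wesley
  • Publication date: 2014-12-17
  • List price: $1,570
  • Sale price: $1,256 (80% of list price)
  • Language: English
  • Pages: 320
  • Binding: Paperback
  • ISBN: 0321604113
  • ISBN-13: 9780321604118
  • Related categories: Information Security
  • Ships immediately (stock < 3)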

Product description

STRENGTHEN SOFTWARE SECURITY BY HELPING DEVELOPERS AND SECURITY EXPERTS WORK TOGETHER

 

Traditional approaches to securing software are inadequate. The solution: Bring software engineering and network security teams together in a new, holistic approach to protecting the entire enterprise. Now, four highly respected security experts explain why this “confluence” is so crucial, and show how to implement it in your organization.

 

Writing for all software and security practitioners and leaders, they show how software can play a vital, active role in protecting your organization. You’ll learn how to construct software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response in sophisticated new ways. The authors cover the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. They also provide a full chapter of advice specifically for Chief Information Security Officers and other enterprise security executives.


Whatever your software security responsibilities, Enterprise Software Security delivers indispensable big-picture guidance–and specific, high-value recommendations you can apply right now.

 

COVERAGE INCLUDES:


• Overcoming common obstacles to collaboration between developers and IT security professionals
• Helping programmers design, write, deploy, and operate more secure software
• Helping network security engineers use application output more effectively
• Organizing a software security team before you’ve even created requirements
• Avoiding the unmanageable complexity and inherent flaws of layered security
• Implementing positive software design practices and identifying security defects in existing designs
• Teaming to improve code reviews, clarify attack scenarios associated with vulnerable code, and validate positive compliance
• Moving beyond pentesting toward more comprehensive security testing
• Integrating your new application with your existing security infrastructure
• “Ruggedizing” DevOps by adding infosec to the relationship between development and operations
• Protecting application security during maintenance
