Secure software design /

Preface xv
Chapter 1 Introduction 1
1.1
1.2
1.3
1.4
1.5
The World Turned Upside Down 2
The Lingo 3
The Usual Suspects 5
The Many Hats of Hackers
10
The Tools of the Trade 13
1.5.1 The CIA Triad
13
1.5.2 Cryptography 15
1.5.3
Public Key Cryptography 16
1.5.4
Integrity 17
1.5.5 Availability
18
1.6
Fighting Fire 18
1.6.1 1
Prevention
18
1.6.2
Avoidance 19
1.6.3 Detection 20
1.6.4
Recovery
20
1.7
Changing the Design 21
1.8
Red vs. Blue 24
1.9
The Shape of Things
24
1.10 Chapter Summary 26
1.11 Chapter Exercise 26
1.12 Business Application 26
1.13 Key Concepts and Terms 27
1.14 Assessment 27
1.15 Critical Thinking 28
1.16 Graduate Focus 29
1.17 Bibliography 3

With the multitude of existing attacks that are known to date and the number that will continue to emerge, software security is in a reactive state and many have predicted that it will remain so for the foreseeable future. This book seeks to change that opinion by presenting a practical guide to proactive software security. Secure Software Design is written for the student, the developer, and management to bring a new way of thinking to secure software design. The focus of this book is on analyzing risks, understanding likely points of attack, and pre-deciding how your software will deal with the attack that will inevitably arise. By looking at the systemic threats in any deployment environment and studying the vulnerabilities of your application, this book will show you how to construct software that can deal with attacks both known and unknown instead of waiting for catastrophe and the cleanup efforts of tomorrow. Hands-on examples and simulated cases for the novice and the professional support each chapter by demonstrating the principles presented.

Ingeniería en Tecnologías de la Información y Comunicación