Books Guide: Secure Software Development

Submit A Book

Books Guide

Please enter a book title, author, or keyword

Secure Software Development

Software Test Attacks to Break Mobile and Embedded Devices
By:
Jon Duncan Hagar
Published:
2013

Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of "smart" devices driven by software, the book focuses on attack-based testing that can be used by individuals and teams.

Coding for Penetration Testers: Building Better Tools
By:
Ryan Linn, Jason Andress
Published:
2011

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language.

Design for Trustworthy Software: Tools, Techniques, and Methodology of Developing Robust Software
By:
Peter C. Patton and Bijay K. Jayaswal
Published:
2011

Design for Trustworthy Software will help you improve quality whether you develop in-house, outsource, consult, or provide support. It offers breakthrough solutions for the entire spectrum of software and quality professionals–from developers to project leaders, chief software architects to customers.

High-Assurance Design: Architecting Secure and Reliable Enterprise Applications
By:
Clifford J. Berg
Published:
2011

Many enterprises unfortunately depend on software that is insecure, unreliable, and fragile. They compensate by investing heavily in workarounds and maintenance, and by employing hordes of "gurus" to manage their systems' flaws. This must change. And it can. In this book, respected software architect Clifford J. Berg shows how to design high-assurance applications-applications with proven, built-in reliability, security, manageability, and maintainability.

Metrics and Methods for Security Risk Management
By:
Carl S. Young
Published:
2010

Metrics and Methods for Security Risk Management offers powerful analytic tools that have been absent from traditional security texts.

Beautiful Security: Leading Security Experts Explain How They Think
By:
Andy Oram and John Viega
Published:
2009

In this thought-provoking anthology, today's security experts describe bold and extraordinary methods used to secure computer systems in the face of ever-increasing threats.

Solid Code
By:
Donis Marshall and John Bruno
Published:
2009

With insights direct from Microsoft s own development teams and across the software-development life cycle learn best practices for writing solid, well-formed, efficient code. Ideal for new to intermediate level developers, but with fresh insights for more experienced programmers, SOLID CODE will help improve your coding techniques at each phase of product development: design, prototyping, implementation, debugging, and testing.

A Practical Guide to Trusted Computing
By:
David, Kent, Ryan, David, Leendert
Published:
2008

Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what’s needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, TPM gives software professionals powerful new ways to protect their customers.

Fuzzing for Software Security Testing and Quality Assurance
By:
Ari Takanen, et al.
Published:
2008

Learn the code cracker's malicious mindset, so you can find worn-size holes in the software you are designing, testing, and building. Fuzzing for Software Security Testing and Quality Assurance takes a weapon from the black-hat arsenal to give you a powerful new tool to build secure, high-quality software. This practical resource helps you add extra protection without adding expense or time to already tight schedules and budgets.

Developer's Guide to Web Application Security
By:
Michael Cross
Published:
2007

Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.

Foundations of Security: What Every Programmer Needs to Know
By:
Daswani, Kern and Kesavan
Published:
2007

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once you're enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack.

Fuzzing: Brute Force Vulnerability Discovery
By:
Michael Sutton, et al.
Published:
2007

Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods.

Intrusion Alert: An Ethical Hacking Guide to Intrusion Detection
By:
Ankit Fadia
Published:
2007

Intrusion Alert: an Ethical Hacking Guide to Intrusion Detection provides an in-depth look at the intrusion detection systems that are currently available to help protect your networks from cyber criminals.

Hacking Web Services
By:
Shreeraj Shah
Published:
2006

Web Services are an integral part of next generation Web applications. The development and use of these services is growing at an incredible rate, and so too are the security issues surrounding them. Hacking Web Services is a practical guide for understanding Web services security and assessment methodologies. Written for intermediate-to-advanced security professionals and developers, the book provides an in-depth look at new concepts and tools used for Web services security.

Hunting Security Bugs
By:
Landauer, Jeffries and Gallagher
Published:
2006

Your in-depth, hands-on, technical security-testing reference. Written for testers by testers, this guide highlights up-to-date tools, technologies, and techniques for helping find and eliminate security vulnerabilities in software.

From the Publisher:

Penetration Testing and Network Defense
By:
Daneil Newman, Andrew Whitaker
Published:
2006

This book is a practical guide to simulating, detecting, and responding to network attacks. Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation.

Software Security: Building Security In
By:
Gary McGraw
Published:
2006

Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice. The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle.

The Art of Software Security Testing
By:
Dustin, Nelson, Dai Zovi, Wysopal
Published:
2006

The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.

Cryptography in the Database: The Last Line of Defense
By:
Kevin Kenan
Published:
2005

Shows companies how to secure their databases with cryptography, thereby helping them comply with a bevy of new regulations.

Digital Identity
By:
Phillip J. Windley
Published:
2005

The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce.

Enterprise Web Services Security
By:
Rickland Hollar and Rick Murphy
Published:
2005

Learn to Protect Your Assets and Prevent Attacks!

Honeypots For Windows
By:
Roger A. Grimes
Published:
2005

Honeypots for Windows will cover installing, configuring, and maintaining security Honeypots on Windows platforms, specifically the popular open source Honeypot product called honeyd, and summarize other commercial Honeypot solutions. There are no computer security books covering Honeypots (or IDSs) as they run on Windows platforms.

The Software Vulnerability Guide
By:
Herbert H. Thompson and Scott G. Chase
Published:
2005

In today's market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide helps developers and testers better understand the underlying security flaws in software and provides an easy-to-use reference for security bugs. Most of these bugs (and the viruses, worms, and exploits that derive from them) start out as programmer mistakes.

How to Break Software Security
By:
Herbert Thompson, James Whittaker
Published:
2003

How to Break Software Security describes the general problem of software security in a practical perspective from a software tester's point of view. It defines prescriptive techniques (attacks that testers can use on their own software) that are designed to ferret out security vulnerabilities in software applications.

Enterprise Security: A Manager’s Defense Guide
By:
David Leon Clark
Published:
2002

(From the Back Cover) EBusiness is on the rise, but so are the likelihood and severity of computer attacks. Melissa, the Love Bug, Nimda, and Reezak all caught the eBusiness community off guard, costing billions of dollars in lost productivity and damage. Maintaining enterprise security is now, without question, a crucial aspect of doing business in today's Internet-based economy.

Hack Attacks Testing: How to Conduct Your Own Security Audit
By:
John Chirillo
Published:
2002

A network security breach (a hack, crack, or other invasion) occurs when unauthorized access to the network is achieved and havoc results. The best possible defense is an offensive strategy that allows you to regularly test your network to reveal the vulnerabilities and close the holes before someone gets in. Also, learn how to conduct thorough security examinations via illustrations and virtual simulations.

Hack I.T. - Security Through Penetration Testing
By:
Ajay Gupta, T. J. Klevinsky, Scott Laliberte
Published:
2002

TeamPenetration testing—in which professional, "white hat" hackers attempt to break through an organization's security defenses—has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.

Building Secure Software: How to Avoid Security Problems the Right Way
By:
Gary McGraw, John Viega
Published:
2001

Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple—bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security.

Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses
By:
Ed Skoudis
Published:
2001

(From the Back Cover)

The Next Generation Hacker Book

The step-by-step guide to defending against hacker intrusions!

* Defend against today's most powerful hacker attacks!
* Hands-on, step-by-step techniques for UNIX/Linux and Windows environments
* Intrusion detection: New evasion techniques—and countermeasures
* By the security expert who demonstrated hacking to the U.S. Senate!

The Accidental Project Manager
By:
Patricia Ensworth
Published:
2001

Why do so many software projects fail? The reality is that many of these projects are led by programmers or developers thrown into the role of project manager without the necessary skills or training to see a project through successfully. Patricia Ensworth has written a hands-on survival guide designed to rescue the "accidental project manager" and help them to quickly ramp up on all key areas involved in software project management.

Hacking Exposed: Network Security Secrets & Solutions
By:
George Kurtz, Stuart McClure, Joel Scambray
Published:
2000

In today's round-the-clock, hyper-connected, all-digital economy, computer security is everyone's business.

Software Assessments, Benchmarks, and Best Practices
By:
Capers Jones
Published:
2000

Billions of dollars are wasted each year on IT software projects that are developed and either released late or never used. In light of recent large-scale errors, and methods, tools, and practices used for software development have become the subject of significant study and analysis. One quantitative method for analysis is software assessment, which explores the methodologies used by businesses for software development.

E-commerce Security: Weak Links, Best Defenses
By:
Anup K. Ghosh
Published:
1997

The World Wide Web is changing the way the world engages in business. With this paradigm shift comes uncertainty about how secure e-commerce transactions are over an inherently insecure medium--the Internet. Businesses have learned the hard way that there is no "silver bullet" solution--not encryption, not firewalls, not even secure protocols. Like a chain, the security of e-commerce is only as strong as its weakest link.

Practical Software Configuration Management
By:
Tim Mikkelsen, Suzanne Pherigo
Published:
1997

With this book, individual developers and small development teams can gain the benefits of configuration management that were previously restricted to large organizations with large budgets. This pragmatic, easy-to-read guide to configuration management comes with all the freeware PC developers need to get started.

Software Engineering: A Practitioner’s Approach
By:
Roger Pressman
Published:
1997

This book provides a comprehensive description of software engineering including conventional development methods and advanced approaches, like object-oriented development and cleanroom software engineering. The book also addresses management issues such as project planning, risk management, quality assurance, and configuration management.

Quality Software Management, Volume 4
By:
Gerald Weinberg
Published:
1996

This is volume four in a four-volume set. This book focuses on how to create the environment necessary to implement the processes and concepts described in the previous three volumes. The key focus is getting the required support and environment in place to support process improvement.

The Automated Testing Handbook
By:
Linda G. Hayes
Published:
1995

This handbook provides a good introduction to test automation and an overview of key technical concepts. It helps the reader to select a test-automation approach and to choose the right testing process.

Quality Is Free
By:
Philip B. Crosby
Published:
1982

Stressing the basic but often ignored management concept of maximum efficiency and zero defects, the author details easy-to-implement programs and actual case histories designed to benefit the small businessman, the middle manager, and the supervisor, as well as the giant corporation.

Upcoming Events

Nov 09
Nov 09
Nov 09
Nov 09