Secure and Resilient Software Development
Although many software books highlight open problems in secure software development, few provide easily actionable, ground-level solutions. Breaking the mold, Secure and Resilient Software Development teaches you how to apply best practices and standards for consistent and secure software development. It details specific quality software development strategies and practices that stress resilience requirements with precise, actionable, and ground-level inputs.
Providing comprehensive coverage, the book illustrates all phases of the secure software development life cycle. It shows developers how to master non-functional requirements including reliability, security, and resilience. The authors provide expert-level guidance through all phases of the process and supply many best practices, principles, testing practices, and design methodologies.
Review By: Siva Krishnajee
05/27/2011
This book covers a wide range of audiences—software development managers, architects, development engineers, quality assurance engineers, and product managers. It provides details about security for each audience, but it covers more than security issues.
The book starts with an overview of security and then covers security in all aspects of the SDLC, from design to development, testing, and implementation. Even entry-level people in the IT industry will be able to understand the concepts and will be able to apply this knowledge.
My favorite part of the book is the practical tips. It provides information on what tools developers and testers can use to develop and test security aspects of applications. Details on open source tools will help testers start work immediately.
Appendix A lists twenty-five security programming issues and how to prevent them. This is a great deal of information both for software development vendors and for enterprises. Every enterprise can use this with software vendors to check whether or not the software is meeting the security standards.
The authors mention security in cloud and mobile computing devices, but not in depth. This is an area of concern for enterprises, and I wish that the authors would come out with a new book on cloud and mobile security.
This book closes a gap in security in software development. Generally, books on security will provide only theoretical details concerning security. There are some books with a focus on specific vendors and their products. But, the authors of this book take a vendor-neutral approach in dealing with the issues and provide practical tips on top of theoretical issues.