Books Guide: Secure Software Development

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language.

Many enterprises unfortunately depend on software that is insecure, unreliable, and fragile. They compensate by investing heavily in workarounds and maintenance, and by employing hordes of "gurus" to manage their systems' flaws. This must change. And it can. In this book, respected software architect Clifford J. Berg shows how to design high-assurance applications-applications with proven, built-in reliability, security, manageability, and maintainability.

In this thought-provoking anthology, today's security experts describe bold and extraordinary methods used to secure computer systems in the face of ever-increasing threats.

Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what’s needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, TPM gives software professionals powerful new ways to protect their customers.

Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.

Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods.

Web Services are an integral part of next generation Web applications. The development and use of these services is growing at an incredible rate, and so too are the security issues surrounding them. Hacking Web Services is a practical guide for understanding Web services security and assessment methodologies. Written for intermediate-to-advanced security professionals and developers, the book provides an in-depth look at new concepts and tools used for Web services security.

This book is a practical guide to simulating, detecting, and responding to network attacks. Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation.

The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.

The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce.

Honeypots for Windows will cover installing, configuring, and maintaining security Honeypots on Windows platforms, specifically the popular open source Honeypot product called honeyd, and summarize other commercial Honeypot solutions. There are no computer security books covering Honeypots (or IDSs) as they run on Windows platforms.

How to Break Software Security describes the general problem of software security in a practical perspective from a software tester's point of view. It defines prescriptive techniques (attacks that testers can use on their own software) that are designed to ferret out security vulnerabilities in software applications.

A network security breach (a hack, crack, or other invasion) occurs when unauthorized access to the network is achieved and havoc results. The best possible defense is an offensive strategy that allows you to regularly test your network to reveal the vulnerabilities and close the holes before someone gets in. Also, learn how to conduct thorough security examinations via illustrations and virtual simulations.

Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple—bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security.

Why do so many software projects fail? The reality is that many of these projects are led by programmers or developers thrown into the role of project manager without the necessary skills or training to see a project through successfully. Patricia Ensworth has written a hands-on survival guide designed to rescue the "accidental project manager" and help them to quickly ramp up on all key areas involved in software project management.

Billions of dollars are wasted each year on IT software projects that are developed and either released late or never used. In light of recent large-scale errors, and methods, tools, and practices used for software development have become the subject of significant study and analysis. One quantitative method for analysis is software assessment, which explores the methodologies used by businesses for software development.

With this book, individual developers and small development teams can gain the benefits of configuration management that were previously restricted to large organizations with large budgets. This pragmatic, easy-to-read guide to configuration management comes with all the freeware PC developers need to get started.

This is volume four in a four-volume set. This book focuses on how to create the environment necessary to implement the processes and concepts described in the previous three volumes. The key focus is getting the required support and environment in place to support process improvement.