Secure Software Design

(OAKCC-SSD.AG1)

Skills You’ll Get

1

Introduction

  • The World Turned Upside Down
  • The Lingo
  • The Usual Suspects
  • The Many Hats of Hackers
  • The Tools of the Trade
  • Fighting Fire
  • Changing the Design
  • Red vs. Blue
  • The Shape of Things
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
2

Current and Emerging Threats

  • The Human Factor
  • The Network
  • The Operating System Environment
  • Data Management
  • Data-Centric Threats
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
3

The Network Environment

  • Introducing Eve
  • The Science of Secrecy
  • Eve Unleashed
  • Malicious Modifications and Insidious Insertions
  • Play It Again, Eve
  • Eve in the Middle
  • Making the Connection
  • Roll Up the Welcome Mat
  • The Why in What and How
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
4

The Operating System Environment

  • What Is Operating System Security?
  • Common Operating Systems
  • Operating System Threats
  • Operating System Defense Tactics
  • Auditing and Monitoring
  • Backup and Redundancy
  • Remote Access Security
  • Virtualization
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
5

The Database Environment

  • Database Fundamentals
  • Conceptual Design
  • The Logical Design
  • The Physical Design
  • The User Interface
  • Web Applications and the Internet
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
6

Programming Languages

  • Language Barriers
  • Buffer Bashing
  • Good Input
  • Good Output
  • Inherent Inheritance and Overdoing Overloads
  • The Threatdown
  • Deployment Issues
  • 13.7.1 Threat Risk Modeling [OWASP Web Resource]
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
7

Security Requirements Planning

  • 14.0a - SDLC Introduction
  • You, Me, and the SDLC
  • Establishing Stakeholders
  • Gathering Requirements
  • 14.3a - SDLC Requirements Analysis
  • 14.3b - SDLC Design
  • 14.3c - SDLC Construction - Implementation
  • Functional and Nonfunctional Security
  • 14.4a - SDLC Testing
  • 14.4b - SDLC Installation
  • 14.4c - SDLC Operation
  • Establishing Scope
  • 14.5a - SDLC Maintenance
  • 14.5b - SDLC Recap
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
8

Vulnerability Mapping

  • Use Case Construction and Extension
  • Managing Misuse
  • Off the Map
  • Sequence Diagrams and Class Analysis
  • Data Planning
  • Knowing Your Boundaries
  • Examining Communication, Activity, and State Diagrams
  • Vulnerability Mapping
  • Complete Business System Specifications
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
9

Development and Implementation

  • Architecture Decision
  • Software Sources
  • Watch Your Language
  • Class Security Analysis
  • Procedural Security
  • Modular Mayhem
  • The Life of Data
  • Attack Surface Reduction
  • Document, Document, Document
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
10

Application Review and Testing

  • Static Analysis
  • Dynamic Analysis
  • Casing the Joint
  • The Takedown
  • Never Stop at One
  • Hardening the System
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
11

Incorporating SSD with the SDLC

  • The Incident Response Plan
  • The Final Security Review
  • Into the Wild
  • Review and React
  • A Culture of Security
  • Integration Tools
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
12

Personnel Training

  • The Information Security Audience
  • An Organization’s Culture in the Web 2.0 Era
  • Information Assurance Curriculum Content
  • Security Training Delivery Methods
  • Implementing a Training Solution
  • Enforcing Computer Policy and Computer Crime Investigations
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
13

A Culture Of Security

  • Confidentiality, Integrity, and Availability
  • Driving the Development Process with Consistency
  • Secure Software Design—Legal Environment
  • Security Policy in the Organization
  • Enforcing Security Policy
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
14

Web Application Threats

  • The Client at Risk
  • The Biggest Threats to Web Applications
  • JavaScript and AJAX
  • Adobe Flash
  • ActiveX
  • Simplify, Restrict, and Scrub
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
15

Secure Data Management

  • Modern Threats to Database Security
  • Managing Roles and Access
  • Database Auditing
  • Database Backup and Recovery Strategy
  • Data in the Cloud Environment
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
16

Zero Day And Beyond

  • Prediction Through Penetration Testing
  • The Insider Threat and Beyond
  • Mitigation to Defend Against the Unknown
  • The Organization Incident Response
  • The Business Continuity Plan
  • Becoming and Staying Proactive
  • Lesson Summary
  • Lesson Exercise
  • Business Application
  • Critical Thinking
  • Graduate Focus
  • Bibliography
17

Practice Labs

1

The Network Environment

  • Identifying Vulnerabilities in an Application
  • Cracking a Password Hash
  • Fixing a Password Hash Vulnerability
2

The Database Environment

  • Protecting Database Access
3

Vulnerability Mapping

  • Identifying Vulnerabilities in a Software Project
  • Finding Common Web Vulnerabilities
4

Application Review and Testing

  • Examining the Project Files
  • Identifying Software Defects and Misconfiguration
  • Reviewing Error Handling
5

Personnel Training

  • Managing People Risks
6

A Culture Of Security

  • Designing for Security
7

Web Application Threats

  • Managing Software Development Process Risks
8

Secure Data Management

  • Protecting Data in Transit and at Rest
  • Protecting Sensitive Data and Functions
9

Practice Labs

  • Performing a Memory-Based Attack
  • Improving Error Handling
  • Performing Manual Inspection and Review
  • Performing Code Analysis
  • Using a Test Suite to Automate Unit Testing
  • Monitoring and Logging a Deployed Application
  • Handling Privacy Defects
  • Handling Authentication and Authorization Defects
  • Staging a Persisted XSS Attack on an Administrator Function
