The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
Author: Michael Howard
The software industry has been struggling with how to create and release software that is more security-enhanced and reliable; the Security Development Lifecycle (SDL) provides a methodology that works. Adapted from Microsoft's standard development process, SDL is a critical way to help reduce the number of security defects in code at every stage of the development process, from design to release. In addition to a brief history of the methodology, this book details each stage of the SDL methodology and discusses its implementation across a range of Microsoft software, including Microsoft Windows Server 2003, Microsoft SQL Server 2000 Service Pack 3, and Microsoft Exchange Server 2003 Service Pack 1, to help measurably improve security features. Coauthored by Michael Howard and Steve Lipner, the book gives you direct access to insights from Microsoft's security team and lessons that are repeatable and applicable to software development processes worldwide, whether small-scale or large-scale. This book includes a CD featuring videos of developer training classes.
Table of Contents:
1 | Enough is enough: the threats have changed
2 | Current software development methods fail to produce secure software
3 | A short history of the SDL at Microsoft
4 | SDL for management
5 | Stage 0: education and awareness
6 | Stage 1: project inception
7 | Stage 2: define and follow design best practices
8 | Stage 3: product risk assessment
9 | Stage 4: risk analysis
10 | Stage 5: creating security documents, tools, and best practices for customers
11 | Stage 6: secure coding policies
12 | Stage 7: secure testing policies
13 | Stage 8: the security push
14 | Stage 9: the final security review
15 | Stage 10: security response planning
16 | Stage 11: product release
17 | Stage 12: security response execution
18 | Integrating SDL with agile methods
19 | SDL banned function calls
20 | SDL minimum cryptographic standards
21 | SDL-required tools and compiler options
22 | Threat tree patterns
Linear System Theory and Design
Author: Chi Tsong Chen
An extensive revision of the author's highly successful text, this third edition of Linear System Theory and Design has been made more accessible to students from all related backgrounds. After introducing the fundamental properties of linear systems, the text discusses design using state equations and transfer functions. In state-space design, Lyapunov equations are used extensively to design state feedback and state estimators. In the discussion of transfer-function design, pole placement, model matching, and their applications in tracking and disturbance rejection are covered. Both one- and two-degree-of-freedom configurations are used. All designs can be accomplished by solving sets of linear algebraic equations.
The two main objectives of the text are to:
- use simple and efficient methods to develop results and design procedures
- enable students to employ the results to carry out design
All results in this new edition are developed for numerical computation and illustrated using MATLAB, with an emphasis on the ideas behind the computation and interpretation of results. This book develops all theorems and results in a logical way so that readers can gain an intuitive understanding of the theorems. This revised edition begins with the time-invariant case and extends through the time-varying case. It also starts with single-input single-output design and extends to multi-input multi-output design. Striking a balance between theory and applications, Linear System Theory and Design, 3/e, is ideal for use in advanced undergraduate/first-year graduate courses in linear systems and multivariable system design in electrical, mechanical, chemical, and aeronautical engineering departments. It assumes a working knowledge of linear algebra and the Laplace transform and an elementary knowledge of differential equations.