Software Security: Building Security In

Submitted by admin on Tue, 08/14/2007 - 22:26.

Gary McGraw describes in detail how to effectively build security into your software applications. He gives an in-depth analysis of what needs to occur and when, and of how to get software security going. Gary explains how to build software security not just by performing some penetration tests during the software development life cycle, but by incorporating security touch points throughout the entire life cycle and measuring the artifacts generated at each and every point.

This is a great book for anyone working in the software industry and contributing to the development of a software application. Managers, developers, testers, and anyone else who is part of the software life cycle will find very valuable information in this book. It will inform you when and where software security needs to be thought about, how to perform a software security analysis, and what artifacts can and should be collected to monitor this process.

Software security is not the job of the IT admin anymore. Every day, more and more security bugs and flaws are discovered in software. Gary does a great job describing why software cannot be just pen-tested and shipped. Security needs to be thought of throughout the software development process. QA and Testing should not be the only ones thinking of this. Everyone working on a software project should read this book and discover how to put some of Gary's ideas into practice to help develop more secure software.

I highly recommend reading this book and discovering how to build security within your current, existing, and new software projects. Gary breaks down the software development life cycle and describes what needs to occur, when, and where to build security into software.