Security

Software security is important, especially in distributed systems, to protect the integrity of the information stored and used by a software system. Questions about security requirements should be asked of the customers during requirements solicitation. The best practice for providing a secure system to customers is to address security concerns up front and during all phases of development. Adding security features to an application after development of the main functionality is complete is difficult.
Author: Laurie Williams and Sarah Heckman
Maintained By: Sarah Heckman
Last Updated: 2008-08-15
Modules
Assignments
Lectures
Williams: Risk Based Security Testing
Williams: Security Testing
Williams: Secure Software Development Lifecycle
McGraw: Security Testing podcast
Williams: Input Validation XSS
Gegick: Intro to Security Testing
Sherriff, Mark: Database Security
Readings
McGraw and Viega: Make your software behave: Security by obscurity
McGraw and Viega: Making software behave
Viega and McGraw: Building secure software: Selecting technologies, Part 1
Sindre and Opdahl: Capturing Security Requirements through Misuse Cases
Williams, Earp, Anton: Security Plan
McGraw and Viega: Software security principles: Part 5
Gilliam, Wolfe, Sherif, and Bishop: Software Security Checklist for the Software Life Cycle
McGraw and Viega: Make your software behave: Assuring your software is secure
McGraw and Viega: Software security principles: Part 4
Premkumar T. Devanbu and Stuart Stubblebine: Software Engineering for Security
McGraw and Viega: Make your software behave: Learning the basics of buffer overflows
Galvin: Unix Secure Programming FAQ
Howard: SSDL at Microsoft
Thompson: Why Security Testing is Hard
McGraw and Viega: Make your software behave: Preventing buffer overflows
Viega and McGraw: Building secure software: Selecting technologies, Part 2
Sites
Gegick and Isakson: WARD
McGraw, Felten: Securing Java
Mitre: Common Weakness Enumeration
Sans: Sans Security
Dept. of Homeland Security: Build Security In
Tutorials
Meneely and Williams: Using HttpUnit for Security Testing
Gegick: WARD
