RESILIENT. SECURE and SOFTWARE. Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press

Size: px

Start display at page:

Download "RESILIENT. SECURE and SOFTWARE. Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press"

Morris Wilkins
8 years ago
Views:

1 SECURE and RESILIENT SOFTWARE Requirements, Test Cases, and Testing Methods Mark S. Merkow and Lakshmikanth Raghavan CRC Press Taylor & Francis Group Boca Raton London New York CRC Press Is an imprint of the Taylor & Francis Group, an informa business AN AUERBACH BOOK

Merkow and Lakshmikanth Raghavan CRC Press Taylor & Francis Group

2 Contents Preface xi How This Book Is Organized xii What's On the CD? xv About the Authors xvii Acknowledgements From Mark Merkow From Laksh Raghavan xix xvii xviii Chapter 1 Introduction Secure and Resilient Bad Design Choices Led to the Vulnerable Internet We Know Today HTTP Has Its Problems, Too Design Errors Continue Haunting Us Today Requirements & Design: The Keys to a Successful Project How Design Flaws Play Out DNS Vulnerability The London Stock Exchange Medical Equipment Airbus A Solutions Are In Sight! Notes 13 V

2 Bad Design Choices Led to the Vulnerable Internet We Know Today 2 1.3 HTTP Has Its Problems, Too 4 1.4 Design Errors Continue Haunting Us Today 6 1.

3 vi Contents Chapter 2 Nonfunctional Requirements (NFRs) in Context System Quality Requirements Engineering (SQUARE) Agree on Definitions Identify Assets and Security/Quality Coals Perform Risk Assessments Elicit Security Requirements Prioritize Requirements Characteristics of Good Requirements Summary Notes 23 Chapter 3 Resilience and Quality Considerations for Application Software and the Application Runtime Environment Relationships among Nonfunctional Requirements Considerations for Developing NFRs for your Applications and Runtime Environment Checking Your Work Summary Notes 52 Chapter 4 Security Requirements for Application Software Security Control Types Think Like an Attacker Detailed Security Requirements Identification Requirements Authentication Requirements Authorization Requirements Security Auditing Requirements Confidentiality Requirements Integrity Requirements Availability Requirements Nonrepudiation Requirements Immunity Requirements Survivability Requirements Systems Maintenance Security Requirements Privacy Requirements Summary References 135

4 Notes 23 Chapter 3 Resilience and Quality Considerations for Application Software and the Application Runtime Environment 25 3.1 Relationships among Nonfunctional Requirements 26 3.

4 . Contents vii Chapter 5 Security Services for the Application Operating Environment The Open Group Architecture Framework (TOGAF) Standardizing Tools for an Enterprise Architecture Security Technical Reference Model (TRM) Identification and Authentication System Entry Control Audit Access Control Nonrepudiation Security Management Trusted Recovery Encryption Trusted Communications Summary References 146 Chapter 6 Software Design Considerations for Security and Resilience Design Issues Architecture and Design Considerations Special Security Design Considerations for Payment Applications on Mobile Communications Devices Designing for Integrity Architecture and Design Review Checklist Summary References 165 Chapter 7 Best Practices for Converting Requirements to Secure Software Designs Secure Design Approach Reusable Security APIs/Libraries Security Frameworks Establishing and Following Best Practices for Design Security Requirements Security Recommendations What's an Attack Surface? What Is Managed Code? 173

3.4 Access Control 143 5.3.5 Nonrepudiation 143 5.3.6 Security Management 144 5.3.7 Trusted Recovery 144 5.3.8 Encryption 144 5.3.9 Trusted Communications 145 5.4 Summary 146 5.

5 viii Contents 7.9 Understanding Business Requirements for Security Design Summary References 176 Chapter 8 Security Test Cases Standardized Testing Policy Security Test Cases Test Cases for Identification Requirements Test Cases for Authentication Requirements Test Cases for Authorization Requirements Test Cases for Security Auditing Requirements Test Cases for Confidentiality Requirements Test Cases for Integrity Requirements Test Cases for Availability Requirements Test Cases for Nonrepudiation Requirements Test Cases for Immunity Requirements Test Cases for Survivability Requirements Test Cases for Systems Maintenance Security Requirements Summary 215 Chapter 9 Testing Methods and Best Practices Secure Testing Approach OWASP's Application Security Verification Standard (ASVS) Application Security Verification Levels Level 1 Automated Verification Level 2 Manual Verification Level 3 Design Verification Level 4 Internal Verification Security Testing Methods Manual Source Code Review Automated Source Code Analysis 225

3.2 Test Cases for Confidentiality Requirements 199 8.3.3 Test Cases for Integrity Requirements 203 8.3.4 Test Cases for Availability Requirements 206 8.3.5 Test Cases for Nonrepudiation Requirements 207 8.

6 Contents ix Automated Reviews Compared with Manual Reviews Automated Source Code Analysis Tools Deployment Strategy IDE Integration for Developers Build Integration for Governance Automated Dynamic Analysis Limitations of Automated Dynamic Analysis Tools Automated Dynamic Analysis Tools Deployment Strategy Developer Testing Centralized Quality Assurance Testing Penetration (Pen) Testing Gray Box Testing Summary References 232 Chapter 10 Connecting the Moving Parts OpenSAMM Security Requirements Level Security Requirements: Security Requirements: Level Security Requirements: Level Security Testing Security Testing: Level Security Testing: Level Security Testing: Level Wrap-Up 10.5 References 249 Index 251

5 Penetration (Pen) Testing 231 9.5.1 Gray Box Testing 232 9.6 Summary 232 9.7 References 232 Chapter 10 Connecting the Moving Parts 235 10.1 OpenSAMM 236 10.

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group,

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group, Secure and Resilient Software Development Mark S. Merkow Lakshmikanth Raghavan CRC Press Taylor& Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor St Francis Group, an Informs