Secure and Resilient Software: Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press


SECURE and RESILIENT SOFTWARE: Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press, Taylor & Francis Group, Boca Raton, London, New York. CRC Press is an imprint of the Taylor & Francis Group, an Informa business. An Auerbach Book.

Contents

Front matter
    Preface
    How This Book Is Organized
    What's On the CD?
    About the Authors
    Acknowledgements
        From Mark Merkow
        From Laksh Raghavan

Chapter 1  Introduction
    Secure and Resilient
    Bad Design Choices Led to the Vulnerable Internet We Know Today
    HTTP Has Its Problems, Too
    Design Errors Continue Haunting Us Today
    Requirements & Design: The Keys to a Successful Project
    How Design Flaws Play Out
        DNS Vulnerability
        The London Stock Exchange
        Medical Equipment
        Airbus A
    Solutions Are In Sight!
    Notes

Chapter 2  Nonfunctional Requirements (NFRs) in Context
    System Quality Requirements Engineering (SQUARE)
        Agree on Definitions
        Identify Assets and Security/Quality Goals
        Perform Risk Assessments
        Elicit Security Requirements
        Prioritize Requirements
    Characteristics of Good Requirements
    Summary
    Notes

Chapter 3  Resilience and Quality Considerations for Application Software and the Application Runtime Environment
    Relationships among Nonfunctional Requirements
    Considerations for Developing NFRs for your Applications and Runtime Environment
    Checking Your Work
    Summary
    Notes

Chapter 4  Security Requirements for Application Software
    Security Control Types
    Think Like an Attacker
    Detailed Security Requirements
        Identification Requirements
        Authentication Requirements
        Authorization Requirements
        Security Auditing Requirements
        Confidentiality Requirements
        Integrity Requirements
        Availability Requirements
        Nonrepudiation Requirements
        Immunity Requirements
        Survivability Requirements
        Systems Maintenance Security Requirements
        Privacy Requirements
    Summary
    References

Chapter 5  Security Services for the Application Operating Environment
    The Open Group Architecture Framework (TOGAF)
    Standardizing Tools for an Enterprise Architecture
    Security Technical Reference Model (TRM)
        Identification and Authentication
        System Entry Control
        Audit
        Access Control
        Nonrepudiation
        Security Management
        Trusted Recovery
        Encryption
        Trusted Communications
    Summary
    References

Chapter 6  Software Design Considerations for Security and Resilience
    Design Issues
    Architecture and Design Considerations
    Special Security Design Considerations for Payment Applications on Mobile Communications Devices
    Designing for Integrity
    Architecture and Design Review Checklist
    Summary
    References

Chapter 7  Best Practices for Converting Requirements to Secure Software Designs
    Secure Design Approach
    Reusable Security APIs/Libraries
    Security Frameworks
    Establishing and Following Best Practices for Design
    Security Requirements
    Security Recommendations
    What's an Attack Surface?
    What Is Managed Code?
    7.9 Understanding Business Requirements for Security Design
    Summary
    References

Chapter 8  Security Test Cases
    Standardized Testing Policy
    Security Test Cases
        Test Cases for Identification Requirements
        Test Cases for Authentication Requirements
        Test Cases for Authorization Requirements
        Test Cases for Security Auditing Requirements
        Test Cases for Confidentiality Requirements
        Test Cases for Integrity Requirements
        Test Cases for Availability Requirements
        Test Cases for Nonrepudiation Requirements
        Test Cases for Immunity Requirements
        Test Cases for Survivability Requirements
        Test Cases for Systems Maintenance Security Requirements
    Summary

Chapter 9  Testing Methods and Best Practices
    Secure Testing Approach
    OWASP's Application Security Verification Standard (ASVS)
        Application Security Verification Levels
        Level 1 Automated Verification
        Level 2 Manual Verification
        Level 3 Design Verification
        Level 4 Internal Verification
    Security Testing Methods
        Manual Source Code Review
        Automated Source Code Analysis
        Automated Reviews Compared with Manual Reviews
        Automated Source Code Analysis Tools Deployment Strategy
            IDE Integration for Developers
            Build Integration for Governance
        Automated Dynamic Analysis
        Limitations of Automated Dynamic Analysis Tools
        Automated Dynamic Analysis Tools Deployment Strategy
            Developer Testing
            Centralized Quality Assurance Testing
        Penetration (Pen) Testing
        Gray Box Testing
    Summary
    References

Chapter 10  Connecting the Moving Parts
    OpenSAMM
    Security Requirements
        Security Requirements: Level
        Security Requirements: Level
        Security Requirements: Level
    Security Testing
        Security Testing: Level
        Security Testing: Level
        Security Testing: Level
    Wrap-Up
    10.5 References

Index


More information

To define and explain different learning styles and learning strategies.

To define and explain different learning styles and learning strategies. Medical Office Assistant Program Overview The Medical Office Assistant program prepares students for entry-level employment as a medical office assistant. It discusses the fundamentals of medical terminology,

More information

Business Administration of Windchill PDMLink 10.0

Business Administration of Windchill PDMLink 10.0 Business Administration of Windchill PDMLink 10.0 Overview Course Code Course Length TRN-3160-T 3 Days After completing this course, you will be well prepared to set up and manage a basic Windchill PDMLink

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

Pro SQL Server 2008 Pol icy-based. Management. Ken Simmons. Colin Stasiuk. Jorge Segarra. Apress8

Pro SQL Server 2008 Pol icy-based. Management. Ken Simmons. Colin Stasiuk. Jorge Segarra. Apress8 Pro SQL Server 2008 Pol icy-based Management Ken Simmons Colin Stasiuk Jorge Segarra Apress8 Contents Contents at a Glance Contents About the Authors About the Technical Reviewers Acknowledgments Introduction

More information

Warning Signs and the Red Flag System

Warning Signs and the Red Flag System Fraud Prevention and Detection Warning Signs and the Red Flag System Rodney T. Stamler Hans J. Marschdorf Mario Possamai CRC Press Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint

More information

CLINICAL DATA MANAGEMENT

CLINICAL DATA MANAGEMENT J * Edition Practical Guide to CLINICAL DATA MANAGEMENT Susanne Prokscha (g) CRC Press Taylor Francis Croup London York CRC Press is an imprint of the Taylor Francis Croup, an buslness Preface Introduction

More information

State of Web Application Security. Ralph Durkee Durkee Consulting, Inc. Rochester ISSA & OWASP Chapters rd@rd1.net

State of Web Application Security. Ralph Durkee Durkee Consulting, Inc. Rochester ISSA & OWASP Chapters rd@rd1.net Ralph Durkee Durkee Consulting, Inc. Rochester ISSA & OWASP Chapters rd@rd1.net Ralph Durkee Founder of Durkee Consulting since 1996 Founder of Rochester OWASP since 2004 President of Rochester ISSA chapter

More information

C ONTENTS. Acknowledgments

C ONTENTS. Acknowledgments kincaidtoc.fm Page vii Friday, September 20, 2002 1:25 PM C ONTENTS Preface Acknowledgments xxi xxvii Part 1 CRM: Is It Right for Your Company? 1 Chapter 1 Commerce in the 21st Century 3 1.1 Understanding

More information

Computer-Aided Multivariate Analysis

Computer-Aided Multivariate Analysis Computer-Aided Multivariate Analysis FOURTH EDITION Abdelmonem Af if i Virginia A. Clark and Susanne May CHAPMAN & HALL/CRC A CRC Press Company Boca Raton London New York Washington, D.C Contents Preface

More information

NETWORK SECURITY HACKS

NETWORK SECURITY HACKS SECOND EDITION NETWORK SECURITY HACKS 2008 AGI-Information Management Consultants May be used for personal purporses only or by libraries associated to dandelon.com network. Andrew Lockhart O'REILLY Beijing

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

Enterprise K12 Network Security Policy

Enterprise K12 Network Security Policy Enterprise K12 Network Security Policy I. Introduction The K12 State Wide Network was established by MDE and ITS to provide a private network infrastructure for the public K12 educational community. Therefore,

More information

Consolidated Annual Report of the AB Capital Group for the financial year 2008/2009. covering the period from July 1, 2008 to June 30, 2009

Consolidated Annual Report of the AB Capital Group for the financial year 2008/2009. covering the period from July 1, 2008 to June 30, 2009 Consolidated Annual Report of the AB Capital Group for the financial year 2008/2009 covering the period from July 1, 2008 to June 30, 2009 Selected financial data converted to EUR SELECTED FINANCIAL DATA

More information

Online Recruiting and Selection

Online Recruiting and Selection Online Recruiting and Selection Innovations in Talent Acquisition Douglas H. Reynolds and John A. Weiner ^WILEY-BLACKWELL A John Wiley &. Sons, Ltd., Publication Contents Series Editor's Preface About

More information

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY.

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY. THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY. Capitalized terms used herein but not otherwise defined shall have their respective meanings set forth in the End

More information

Risk Analysis and the Security Survey

Risk Analysis and the Security Survey Risk Analysis and the Security Survey Fourth Edition James F. Broder Eugene Tucker ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann

More information

I. The Role of the Board of Directors II. Director Qualifications III. Director Independence IV. Director Service on Other Public Company Boards

I. The Role of the Board of Directors II. Director Qualifications III. Director Independence IV. Director Service on Other Public Company Boards Corporate Governance Guidelines The Board of Directors (the Board ) of (the Corporation ) has adopted these governance guidelines. The guidelines, in conjunction with the Corporation s articles of incorporation,

More information

Software Security. Group project: application security verification using OWASP ASVS

Software Security. Group project: application security verification using OWASP ASVS Software Security Group project: application security verification using OWASP ASVS Brainstorm What would you do if you if someone asked you to check if some piece of software that they use (and possibly

More information

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright

More information

Climate and Disaster Resilience Index of Asian Cities

Climate and Disaster Resilience Index of Asian Cities Climate and Disaster Resilience Index of Asian Cities Coexistence of Contrast Rajib Shaw Professor, http://www.iedm.ges.kyoto-u.ac.jp/ Increasing Trend 4000 3500 Source: UNPD, 2010 3000 2500 2000 1500

More information

The AppSec How-To: Achieving Security in DevOps

The AppSec How-To: Achieving Security in DevOps The AppSec How-To: Achieving Security in DevOps How do you integrate security within a Continuous Deployment (CD) environment - where every 5 minutes a feature, an enhancement, or a bug fix needs to be

More information

Athena Self-Service Walkthrough

Athena Self-Service Walkthrough Athena Self-Service Walkthrough By the UGA Office of Student Financial Aid 220 Holmes/Hunter Academic Building Athens, GA 30602-6114 Phone: (706) 542-6147 Section 1 How to Find Out What is Needed by the

More information

Michael Noel. Colin Spence. SharePoint UNLEASHED. 800 East 96th Street, Indianapolis, Indiana 46240 USA

Michael Noel. Colin Spence. SharePoint UNLEASHED. 800 East 96th Street, Indianapolis, Indiana 46240 USA Michael Noel Colin Spence SharePoint 2013 UNLEASHED 800 East 96th Street, Indianapolis, Indiana 46240 USA Table of Contents Introduction 1 Part I Planning for and Deploying SharePoint Server 2013 1 Introducing

More information

CYBER SECURITY WORKFORCE

CYBER SECURITY WORKFORCE Department of the Navy CYBER SECURITY WORKFORCE SCHEDULE A HIRING AUTHORITY FINAL IMPLEMENTING GUIDANCE Prepared by: DONCIO USMC SPAWAR NAVY CYBER FORCES FFC OCHR HRO HRSC 1 Table of Contents I. Introduction

More information