Architecting Secure Software Systems: 1st Edition (Hardback) book cover

Architecting Secure Software Systems

1st Edition

By Asoke K. Talukder, Manish Chaitanya

Auerbach Publications

446 pages | 99 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9781420087840
pub: 2008-12-17
SAVE ~$17.39
eBook (VitalSource) : 9780429133985
pub: 2008-12-17
from $43.48

FREE Standard Shipping!


Traditionally, software engineers have defined security as a non-functional requirement. As such, all too often it is only considered as an afterthought, making software applications and services vulnerable to attacks. With the phenomenal growth in cybercrime, it has become imperative that security be an integral part of software engineering so that all software assets are protected and safe. Architecting Secure Software Systems defines how security should be incorporated into basic software engineering at the requirement analysis phase, continuing this sharp focus into security design, secured programming, security testing, and secured deployment.

Outlines Protection Protocols for Numerous Applications

Through the use of examples, this volume defines a myriad of security vulnerabilities and their resultant threats. It details how to do a security requirement analysis and outlines the security development lifecycle. The authors examine security architectures and threat countermeasures for UNIX, .NET, Java, mobile, and Web environments. Finally, they explore the security of telecommunications and other distributed services through Service Oriented Architecture (SOA). The book employs a versatile multi-platform approach that allows users to seamlessly integrate the material into their own programming paradigm regardless of their individual programming backgrounds. The text also provides real-world code snippets for experimentation.

Define a Security Methodology from the Initial Phase of Development

Almost all assets in our lives have a virtual presence and the convergence of computer information and telecommunications makes these assets accessible to everyone in the world. This volume enables developers, engineers, and architects to approach security in a holistic fashion at the beginning of the software development lifecycle. By securing these systems from the project’s inception, the monetary and personal privacy catastrophes caused by weak systems can potentially be avoided.

Table of Contents

Security in Software Systems

Need for Computer Security

Vulnerability and Attacks

Various Security Attacks

Computer Security

Counter External Threats

Security Programming

Database Security

Common Criteria

Security Standards

Architecting Secure Software Systems

Building Secured System

Security Requirements Analysis

Threat Modeling

Security Design

Security Coding

Safe Programming

Security Review

Generating the Executable

Security Testing

Secured Deployment

Security Remediation

Security Documentation

Security Response Planning

Safety-Critical Systems

Constructing Secured and Safe C/UNIX Programs

UNIX and Linux History

UNIX and Linux Security

Privileges in UNIX

Secure Network Programming

UNIX Virtualization

UNIX Security Logging

C/C++ Language

Common Security Problems with C/C++

Avoiding Security Risks with C/C++ Code

Some Coding Rules

Constructing Secured Systems in NET

Overview of .NET 3.0

Common Language Runtime

NET Runtime Security

NET Security Architecture

Identity and Principal


Code Access Security

Role-Based Security

Type Safety and Security

ASP.NET Security

NET Remoting Security

Windows Security

Networking and Service-Oriented Architecture–Based Security

Networking and Open Systems Interconnection Model

Transmission Control Protocol/Internet Protocol Primer

Security Using Sockets

Service-Oriented Architecture

Remote Procedure Call

Remote Method Invocation Security

Common Object Request Broker Architecture Security

Securing ActiveX Control

Distributed Component Object Model Security

Java Client-Side Security

Java Framework

Java Platform Security

The Java Cryptography Application Programming Interface

Java Secure Sockets Extension

Authentication and Access Control

Java Sandbox

Java Applets Security

Java Swing

Security in Mobile Applications

Mobile Computing


Next Generation Networks

Next Generation Network Security

Mobile Applications

Security in Mobile Computing Scenario

Java 2 Micro Edition Security

Java Card and Universal Subscriber Identity Module Security

Wireless Application Protocol Security

Security Implementation in Windows Mobile

Mobile Agents

Mobile Ad Hoc Network Security

Digital Rights Management

Security in Web-Facing Applications

Overview of Web Security

Identity Management

Public Key Infrastructure

Trust in Service

Emerging Security Technologies

Code Injection

Parameter Tampering

Cross-Site Scripting

File Disclosure

Next Generation Webs

Next Generation Web Security

Secured Web Programming

Application Vulnerability Description Language

Server-Side Java Security

Server-Side Java

Servlet Security

Securing Java Server Pages

Java Struts Security

Java Server Faces Security

Web Application Development Rules

Securing Enterprise JavaBeans

Constructing Secured Web Services

Web Services Security

Threat Profile and Risk Analysis

Web Service Security Model

Web Services Security Standards

Servlet Security for Web Services

Secure Sockets Layer Security for Web Services

WS Security with Apache AXIS

XML and XPath Injection Attack Through SOAP-Based Web Services

Federated Identity Management and Web Services Security


Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Programming Languages / General
COMPUTERS / Software Development & Engineering / General
COMPUTERS / Security / General