Secure and Resilient Software: Requirements, Test Cases, and Testing Methods provides a comprehensive set of requirements for secure and resilient software development and operation. It supplies documented test cases for those requirements as well as best practices for testing nonfunctional requirements for improved information assurance. This resource-rich book includes:
- Pre-developed nonfunctional requirements that can be reused for any software development project
- Documented test cases that go along with the requirements and can be used to develop a Test Plan for the software
- Testing methods that can be applied to the test cases provided
- Downloadable resources with all security requirements and test cases as well as MS Word versions of the checklists, requirements, and test cases covered in the book
Offering ground-level, already-developed software nonfunctional requirements and corresponding test cases and methods, this book will help to ensure that your software meets its nonfunctional requirements for security and resilience. The accompanying downloadable resources filled with helpful checklists and reusable documentation provides you with the tools needed to integrate security into the requirements analysis, design, and testing phases of your software development lifecycle.
Some Praise for the Book:
This book pulls together the state of the art in thinking about this important issue in a holistic way with several examples. It takes you through the entire lifecycle from conception to implementation ... .
—Doug Cavit, Chief Security Strategist, Microsoft Corporation
...provides the reader with the tools necessary to jump-start and mature security within the software development lifecycle (SDLC).
—Jeff Weekes, Sr. Security Architect at Terra Verde Services
... full of useful insights and practical advice from two au
Table of Contents
Introduction. Nonfunctional Requirements (NFRs) in Context. Resilience and Quality Considerations for Application Software and the Application Runtime Environment. Security Requirements for Application Software. Security Services for the Application Operating Environment. Software Design Considerations for Security and Resilience. Best Practices for Converting Requirements to Secure Software Designs. Security Test Cases. Testing Methods and Best Practices. Connecting the Moving Parts.
Mark S. Merkow, CISSP, CISM, CSSLP works at PayPal Inc. (an eBay company) in Scottsdale, Arizona, as Manager of Information Security Policies, Standards, Training, and Awareness in the Information Risk Management area. Mark has more than 35 years of experience in information technology in a variety of roles, including applications development, systems analysis and design, security engineering, and security management. Mark holds a masters degree in decision and info systems from Arizona State University (ASU), a masters of education in distance learning from ASU, and an undergraduate degree in computer info systems from ASU. In addition to his day job, Mark engages in a number of other extracurricular activities, including consulting, course development, online course delivery, and writing columns and books on information technology and information security.
Mark has authored or coauthored ten books on IT and is a contributing editor on four others. Mark remains very active within the information security community, working in a variety of roles for the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Services Technology Consortium (FSTC), and the Financial Services Sector Coordinating Council (FSCCC) on Homeland Security and Critical Infrastructure Protection.
He is the chairman of the Education Committee for the FS-ISAC and is a founding member of the Research and Development Committee of the FSSCC.
Lakshmikanth Raghavan, CISM, CRISC (Laksh) works at PayPal Inc. (an eBay company) as Staff Information Security Engineer in the Information Risk Management area, specializing in application security. Laksh has more than ten years of experience in the areas of information security and information risk management, and has provided consulting services to Fortune 500 companies and financial services companies around the world. Laksh holds a bachelor’s degree in electronics and t