Secure and resilient software development:
Main authors: | Merkow, Mark S. ; Raghawan, Lakshmikanth |
---|---|
Format: | Book |
Language: | English |
Published: | Boca Raton, FL [et al.] : CRC Press, 2010 |
Subjects: | |
Online access: | Table of contents |
Description: | XXIV, 368 pp., ill., diagrams |
ISBN: | 9781439826966 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV036712119 | ||
003 | DE-604 | ||
005 | 20101112 | ||
007 | t | ||
008 | 101011s2010 xxuad|| |||| 00||| eng d | ||
010 | |a 2010013383 | ||
020 | |a 9781439826966 |c hardcover : alk. paper |9 978-1-4398-2696-6 | ||
035 | |a (OCoLC)705893791 | ||
035 | |a (DE-599)BVBBV036712119 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
044 | |a xxu |c US | ||
049 | |a DE-29T |a DE-703 | ||
050 | 0 | |a QA76.76.D47 | |
082 | 0 | |a 005.8 | |
084 | |a ST 230 |0 (DE-625)143617: |2 rvk | ||
100 | 1 | |a Merkow, Mark S. |e Verfasser |4 aut | |
245 | 1 | 0 | |a Secure and resilient software development |c Mark S. Merkow ; Lakshmikanth Raghawan |
264 | 1 | |a Boca Raton, FL [u.a.] |b CRC Press |c 2010 | |
300 | |a XXIV, 368 S. |b Ill., graph. Darst. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
650 | 4 | |a Computer software |x Development | |
650 | 4 | |a Computer software |x Reliability | |
650 | 4 | |a Computer security | |
650 | 0 | 7 | |a Softwareentwicklung |0 (DE-588)4116522-6 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Softwareentwicklung |0 (DE-588)4116522-6 |D s |
689 | 0 | |5 DE-604 | |
700 | 1 | |a Raghawan, Lakshmikanth |e Verfasser |4 aut | |
856 | 4 | 2 | |m HBZ Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=020630190&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-020630190 |
Record in the search index
_version_ | 1804143356784148480 |
---|---|
adam_text | Title: Secure and resilient software development
Author: Merkow, Mark S.
Year: 2010
Contents
Preface xvii
How This Book Is Organized xviii
About the Authors xxi
Acknowledgments xxiii
Chapter 1 How Does Software Fail Thee? Let Us Count the Ways 1
1.1 Vulnerabilities Abound 2
1.1.1 Security Flaws Are Omnipresent 3
1.1.2 Cars Have Their Share of Computer
Problems Too 5
1.2 Tracing the Roots of Defective Software 7
1.3 What Are the True Costs of Insecure Software to
Global Enterprises? 8
1.4 Addressing Security Questions Addresses Resilience 10
1.5 References 11
Chapter 2 Characteristics of Secure and Resilient Software 13
2.1 Functional Versus Nonfunctional Requirements 13
2.2 Testing Nonfunctional Requirements 15
2.3 Families of Nonfunctional Requirements 17
2.4 Availability 18
2.5 Capacity 19
2.6 Efficiency 20
2.7 Interoperability 20
2.8 Manageability 21
2.9 Cohesion 21
2.10 Coupling 22
2.11 Maintainability 22
2.12 Performance 23
2.13 Portability 23
2.14 Privacy 24
2.15 Recoverability 25
2.16 Reliability 26
2.17 Scalability 27
2.18 Security 17
2.19 Serviceability/Supportability 29
2.20 Characteristics of Good Requirements 30
2.21 Eliciting Nonfunctional Requirements 32
2.22 Documenting Nonfunctional Requirements 33
2.23 References 34
Chapter 3 Security and Resilience in the Software Development
Life Cycle 37
3.1 Resilience and Security Begin from Within 37
3.2 Requirements Gathering and Analysis 39
3.3 Systems Design and Detailed Design 40
3.3.1 Functional Decomposition 41
3.3.2 Categorizing Threats 41
3.3.3 Ranking Threats 42
3.3.4 Mitigation Planning 42
3.4 Design Reviews 42
3.5 Development (Coding) Phase 43
3.5.1 Static Analysis 43
3.5.2 Peer Review 44
3.5.3 Unit Testing 44
3.6 Testing 44
3.7 Deployment 45
3.8 Security Training 47
3.9 References 48
Chapter 4 Proven Best Practices for Resilient Applications 49
4.1 Critical Concepts 49
4.2 The Security Perimeter 51
4.3 Attack Surface 52
4.3.1 Mapping the Attack Surface 53
4.3.2 Side Channel Attacks 54
4.4 Application Security and Resilience Principles 54
4.5 Practice 1: Apply Defense in Depth 55
4.6 Practice 2: Use a Positive Security Model 56
4.7 Practice 3: Fail Securely 58
4.8 Practice 4: Run with Least Privilege 59
4.9 Practice 5: Avoid Security by Obscurity 59
4.10 Practice 6: Keep Security Simple 60
4.11 Practice 7: Detect Intrusions 60
4.11.1 Log All Security-Relevant Information 61
4.11.2 Ensure That the Logs Are Monitored
Regularly 61
4.11.3 Respond to Intrusions 61
4.12 Practice 8: Don't Trust Infrastructure 61
4.13 Practice 9: Don't Trust Services 62
4.14 Practice 10: Establish Secure Defaults 62
4.15 Mapping Best Practices to Nonfunctional
Requirements 62
4.16 References 64
Chapter 5 Designing Applications for Security and Resilience 65
5.1 Design Phase Recommendations 65
5.1.1 Misuse Case Modeling 66
5.1.2 Security Design and Architecture Review 68
5.1.3 Threat and Risk Modeling 68
5.1.4 Risk Analysis and Modeling 70
5.1.5 Security Requirements and Test Case
Generation 70
5.2 Design to Meet Nonfunctional Requirements 71
5.3 Design Patterns 73
5.4 Architecting for the Web 74
5.5 Architecture and Design Review Checklist 76
5.6 References 84
Chapter 6 Programming Best Practices 87
6.1 The Evolution of Software Attacks 88
6.2 The OWASP Top 10 89
6.2.1 A1: Injection 90
6.2.2 A2: Cross-Site Scripting 90
6.2.3 A3: Broken Authentication and Session
Management 90
6.2.4 A4: Insecure Direct Object References 91
6.2.5 A5: Cross-Site Request Forgery 91
6.2.6 A6: Security Misconfiguration 91
6.2.7 A7: Failure to Restrict URL Access 92
6.2.8 A8: Unvalidated Redirects and Forwards 92
6.2.9 A9: Insecure Cryptographic Storage 92
6.2.10 A10: Insufficient Transport Layer
Protection 93
6.3 OWASP Enterprise Security API (ESAPI) 93
6.3.1 Input Validation and Handling 95
6.3.2 Client-Side Versus Server-Side Validation 98
6.3.3 Input Sanitization 99
6.3.4 Canonicalization 100
6.3.5 Examples of Attacks due to Improper
Input Handling 101
6.3.6 Approaches to Validating Input Data 102
6.3.7 Handling Bad Input 106
6.3.8 ESAPI Interfaces 106
6.4 Cross-Site Scripting 106
6.4.1 Same Origin Policy 107
6.4.2 Attacks Through XSS 108
6.4.3 Prevention of Cross-Site Scripting 112
6.4.4 ESAPI Interfaces 113
6.5 Injection Attacks 113
6.5.1 SQL Injection 113
6.5.2 Stored Procedures 114
6.5.3 Identifying SQL Injection and
Exploitation 115
6.5.4 Defending Against SQL Injection 116
6.5.5 Creating SQL Queries 117
6.5.6 Additional Controls to Prevent SQL
Injection Attacks 117
6.5.7 ESAPI Interfaces 117
6.6 Authentication and Session Management 118
6.6.1 Attacking Log-in Functionality 119
6.6.2 Attacking Password Resets 119
6.6.3 Attacking Sensitive Transactions 120
6.7 Cross-Site Request Forgery 120
6.7.1 CSRF Mitigation 121
6.8 Session Management 121
6.8.1 Attacking Log-out Functionality 121
6.8.2 Defenses Against Log-out Attacks 122
6.8.3 Defenses Against Cookie Attacks 122
6.8.4 Session Identifiers 123
6.8.5 ESAPI Interfaces 124
6.9 Access Control 124
6.9.1 Avoiding Security Through Obscurity 124
6.9.2 Access Control Issues 124
6.9.3 Testing for Broken Access Control 125
6.9.4 Defenses Against Access Control
Attacks 125
6.9.5 Administrator Interfaces 126
6.9.6 Protecting Administrator Interfaces 126
6.9.7 ESAPI Interfaces 126
6.10 Cryptography 127
6.10.1 Hashing and Password Security 127
6.10.2 Attacking the Hash 128
6.10.3 Precomputed Attacks 128
6.10.4 Message Authentication Code (MAC) 129
6.10.5 Home-Grown Algorithms 129
6.10.6 Randomness and Pseudo-Randomness 130
6.10.7 ESAPI Interfaces 130
6.11 Error Handling 131
6.11.1 User Error Messages 131
6.11.2 Log-in Error Messages—A Case Study 131
6.11.3 Error Message Differentiation 132
6.11.4 Developer Error Messages 132
6.11.5 Information to Be Kept Private 133
6.11.6 Structured Exception Handling 133
6.11.7 ESAPI Interfaces 134
6.12 Ajax and Flash 134
6.12.1 AJAX Application Traffic 135
6.12.2 AJAX Client Requests 135
6.12.3 Server Responses 136
6.12.4 Typical Attacks Against AJAX
Applications 137
6.12.5 Security Recommendations for AJAX
Applications 137
6.12.6 Adobe Flash—Sandbox Security Model 138
6.12.7 Cross-Domain Policy 138
6.12.8 Restrict SWF Files Embedded in HTML 139
6.12.9 Attacking Flash Applications 140
6.12.10 Securing Flash Applications 140
6.14 Additional Best Practices for Software Resilience 141
6.14.1 Externalize Variables 141
6.14.2 EncryptedProperties—Method
Summary 141
6.14.3 Initialize Variables Properly 142
6.14.4 Do Not Ignore Values Returned by
Functions 142
6.14.5 Avoid Integer Overflows 143
6.15 Top 10 Secure Coding Practices 144
6.16 Fifty Questions to Improve Software Security 146
6.17 References 151
Chapter 7 Special Considerations for Embedded Systems, Cloud
Computing, and Mobile Computing Devices 153
7.1 Embedded Systems 154
7.1.1 Bad Assumptions About Embedded Systems
Programming 155
7.1.2 New Mantras 156
7.1.3 The Framework 156
7.2 Distributed Applications/Cloud Computing 156
7.2.1 Representational State Transfer (REST) 160
7.2.2 REST Stateless Authentication 161
7.2.3 Attacking Distributed APIs 161
7.2.4 Securing Distributed APIs 162
7.3 Mobile Applications 162
7.3.1 BlackBerry 162
7.3.2 Windows Mobile 163
7.3.3 iPhone 164
7.3.4 Mobile Application Security 164
7.4 References 165
Chapter 8 Security Testing of Custom Software Applications 167
8.1 Fixing Early Versus Fixing After Release 167
8.2 Testing Phases 168
8.3 Unit Testing 169
8.4 Manual Source Code Review 169
8.5 The Code Review Process 170
8.6 Automated Source Code Analysis 172
8.6.1 Automated Reviews Compared with
Manual Reviews 173
8.6.2 Commercial and Free Source Code
Analyzers 174
8.6.3 Fortify 360 176
8.7 Acquiring Commercial or Open-Source
Analysis Tools 180
8.8 Deployment Strategy 181
8.8.1 IDE Integration for Developers 181
8.8.2 Build Integration for Governance 182
8.9 Regulatory Compliance 183
8.10 Benefits of Using Source Code Analyzers 183
8.11 Penetration (Pen) Testing 184
8.11.1 Penetration Testing Tools 185
8.11.2 Automated Black Box Scanning 185
8.11.3 Deployment Strategy 186
8.11.4 Gray Box Testing 187
8.11.5 Limitations and Constraints of Pen
Testing Tools 188
8.12 References 189
Chapter 9 Testing Commercial off-the-Shelf Systems 191
9.1 The Problems with Shrink-Wrapped Software 191
9.2 The Common Criteria for Information Technology
Security Evaluation 192
9.2.1 Harmonizing Evaluation Criteria 194
9.2.2 Development 196
9.2.3 Evaluation 197
9.2.4 Operation 197
9.2.5 Key Concepts of the Common Criteria 197
9.2.6 The Security Framework 198
9.2.7 The Common Criteria Approach 199
9.2.8 The Security Environment 200
9.2.9 The Common Criteria Portal 208
9.2.10 Criticisms of the CC 208
9.3 The Commercial Community Responds 210
9.3.1 The BITS/FSTC Security Assurance
Initiative 210
9.4 ICSA Labs 211
9.4.1 Evaluation Methodology 212
9.4.2 Certification Criteria 212
9.4.3 ICSA Labs Testing and Certification
Process 212
9.5 Veracode's VerAfied Software Assurance 214
9.5.1 Ratings Methodology 214
9.5.2 Assessing Software for the VerAfied
Mark 214
9.6 References 216
Chapter 10 Implementing Security and Resilience Using CLASP 217
10.1 Comprehensive, Lightweight Application Security
Process (CLASP) 218
10.2 CLASP Concepts 218
10.3 Overview of the CLASP Process 219
10.4 CLASP Key Best Practices 221
10.4.1 Best Practice 1: Institute Awareness
Programs 221
10.4.2 Best Practice 2: Perform Application
Assessments 223
10.4.3 Best Practice 3: Capture Security
Requirements 224
10.4.4 Best Practice 4: Implement Secure
Development Practices 225
10.4.5 Best Practice 5: Build Vulnerability
Remediation Procedures 226
10.4.6 Best Practice 6: Define and Monitor
Metrics 226
10.4.7 Best Practice 7: Publish Operational
Security Guidelines 227
10.5 CLASP Security Activities to Augment Software
Development Processes 227
10.6 Applying CLASP Security Activities to Roles 228
10.7 Re-engineering Your SDLC for CLASP 232
10.7.1 Business Objectives 232
10.7.2 Process Milestones 232
10.7.3 Process Evaluation Criteria 232
10.7.4 Forming the Process Re-engineering
Team 233
10.8 Sample CLASP Implementation Roadmaps 234
10.8.1 Green-Field Roadmap 235
10.8.2 Legacy Roadmap 235
10.9 References 236
Chapter 11 Metrics and Models for Security and Resilience
Maturity 237
11.1 Maturity Models for Security and Resilience 237
11.2 Software Assurance Maturity Model—OpenSAMM 238
11.2.1 Core Practice Areas 240
11.2.2 Levels of Maturity 241
11.2.3 Assurance 243
11.3 The Building Security In Maturity Model (BSIMM) 247
11.3.1 BSIMM Software Security Framework 248
11.4 BSIMM Activities 250
11.4.1 Governance: Strategy and Metrics 250
11.4.2 Governance: Compliance and Policy 254
11.4.3 Governance: Training 258
11.4.4 Intelligence: Attack Models 261
11.4.5 Intelligence: Security Features and
Design 265
11.4.6 Intelligence: Standards and
Requirements 267
11.4.7 SSDL Touchpoints: Architecture
Analysis 271
11.4.8 SSDL Touchpoints: Code Review 274
11.4.9 SSDL Touchpoints: Security Testing 277
11.4.10 Deployment: Penetration Testing 280
11.4.11 Deployment: Software Environment 282
11.4.12 Deployment: Configuration Management
and Vulnerability Management 284
11.5 Measuring Results with BSIMM 286
11.6 Helpful Resources For Implementing BSIMM 287
11.7 Applying BSIMM to the Financial Services Domain 288
11.7.1 Working Group Methodology 288
11.8 References 289
Chapter 12 Taking It to the Streets 291
12.1 Getting Educated 291
12.1.1 DEVELOPER 530: Defending Web
Applications 292
12.1.2 DEVELOPER 530: Essential Secure
Coding in Java/JEE 293
12.1.3 DEVELOPER 541: Secure Coding in
Java/JEE: Developing Defensible
Applications 293
12.1.4 DEVELOPER 542: Web App
Penetration Testing and Ethical Hacking 293
12.1.5 DEVELOPER 544: Secure Coding in
.NET: Developing Defensible
Applications 294
12.1.6 DEVELOPER 545: Secure Coding in
PHP: Developing Defensible
Applications 294
12.1.7 DEVELOPER 534: Secure Code
Review for Java Web Apps 295
12.1.8 DEVELOPER 543: Secure Coding in
C/C++: Developing Defensible
Applications 295
12.1.9 Aspect Security Inc. 296
12.1.10 CERT Software Engineering
Institute (SEI) 298
12.1.11 SEI Secure Coding in C and C++
Course 299
12.2 Getting Certified 300
12.2.1 Certified Secure Software Lifecycle
Professional (CSSLP) 301
12.2.2 Why Obtain the CSSLP? 302
12.2.3 Benefits of Certification to the
Professional 302
12.2.4 Benefits of Certification to the
Enterprise 302
12.3 Getting Involved 303
12.3.1 Web Application Security Consortium 303
12.4 Reaching Out for Research 308
12.4.1 DHS Research Program Areas 308
12.4.2 The U.S. Treasury and the FSSCC 310
12.5 Last Call 314
12.6 Conclusion 315
12.7 References 316
Glossary 319
Appendix A 2010 CWE/SANS Top 25 Most Dangerous
Programming Errors 335
A.1 Brief Listing of the Top 25 336
A.1.1 Insecure Interaction Between
Components 336
A.1.2 Risky Resource Management 336
A.1.3 Porous Defenses 337
A.2 Detailed CWE Descriptions 338
A.2.1 CWE-79: Failure to Preserve Web
Page Structure ('Cross-Site Scripting') 338
A.2.2 CWE-89: Improper Sanitization of
Special Elements Used in an SQL
Command ('SQL Injection') 338
A.2.3 CWE-120: Buffer Copy Without
Checking Size of Input ('Classic
Buffer Overflow') 339
A.2.4 CWE-352: Cross-Site Request
Forgery (CSRF) 339
A.2.5 CWE-285: Improper Access
Control (Authorization) 339
A.2.6 CWE-807: Reliance on Un-trusted
Inputs in a Security Decision 340
A.2.7 CWE-22: Improper Limitation of a
Pathname to a Restricted Directory
('Path Traversal') 340
A.2.8 CWE-434: Unrestricted Upload of
File with Dangerous Type 340
A.2.9 CWE-78: Improper Sanitization of
Special Elements Used in an OS
Command ('OS Command Injection') 341
A.2.10 CWE-311: Missing Encryption of
Sensitive Data 341
A.2.11 CWE-798: Use of Hard-Coded
Credentials 341
A.2.12 CWE-805: Buffer Access with Incorrect
Length Value 342
A.2.13 CWE-98: Improper Control of
Filename for Include/Require
Statement in PHP Program ('PHP
File Inclusion') 342
A.2.14 CWE-129: Improper Validation of
Array Index 342
A.2.15 CWE-754: Improper Check for
Unusual or Exceptional Conditions 342
A.2.16 CWE-209: Information Exposure
Through an Error Message 343
A.2.17 CWE-190: Integer Overflow or
Wraparound 343
A.2.18 CWE-131: Incorrect Calculation of
Buffer Size 343
A.2.19 CWE-306: Missing Authentication for
Critical Function 344
A.2.20 CWE-494: Download of Code Without
Integrity Check 344
A.2.21 CWE-732: Incorrect Permission
Assignment for Critical Resource 344
A.2.22 CWE-770: Allocation of Resources
Without Limits or Throttling 344
A.2.23 CWE-601: URL Redirection to Site
('Open Redirect') 345
A.2.24 CWE-327: Use of a Broken or Risky
Cryptographic Algorithm 345
A.2.25 CWE-362: Race Condition 345
Appendix B Enterprise Security API 347
B.1 Interface Encoder 348
B.2 Interface User 349
B.3 Interface Authenticator 350
B.4 Interface AccessController 351
B.5 Interface AccessReferenceMap 352
B.6 Interface Encryptor 355
B.7 Interface HTTPUtilities 355
B.8 Interface Logger 357
Index 361
|
any_adam_object | 1 |
author | Merkow, Mark S. Raghawan, Lakshmikanth |
author_facet | Merkow, Mark S. Raghawan, Lakshmikanth |
author_role | aut aut |
author_sort | Merkow, Mark S. |
author_variant | m s m ms msm l r lr |
building | Verbundindex |
bvnumber | BV036712119 |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.76.D47 |
callnumber-search | QA76.76.D47 |
callnumber-sort | QA 276.76 D47 |
callnumber-subject | QA - Mathematics |
classification_rvk | ST 230 |
ctrlnum | (OCoLC)705893791 (DE-599)BVBBV036712119 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
format | Book |
id | DE-604.BV036712119 |
illustrated | Illustrated |
indexdate | 2024-07-09T22:46:22Z |
institution | BVB |
isbn | 9781439826966 |
language | English |
lccn | 2010013383 |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-020630190 |
oclc_num | 705893791 |
open_access_boolean | |
owner | DE-29T DE-703 |
owner_facet | DE-29T DE-703 |
physical | XXIV, 368 S. Ill., graph. Darst. |
publishDate | 2010 |
publishDateSearch | 2010 |
publishDateSort | 2010 |
publisher | CRC Press |
record_format | marc |
spelling | Merkow, Mark S. Verfasser aut Secure and resilient software development Mark S. Merkow ; Lakshmikanth Raghawan Boca Raton, FL [u.a.] CRC Press 2010 XXIV, 368 S. Ill., graph. Darst. txt rdacontent n rdamedia nc rdacarrier Computer software Development Computer software Reliability Computer security Softwareentwicklung (DE-588)4116522-6 gnd rswk-swf Softwareentwicklung (DE-588)4116522-6 s DE-604 Raghawan, Lakshmikanth Verfasser aut HBZ Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=020630190&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | Merkow, Mark S. Raghawan, Lakshmikanth Secure and resilient software development Computer software Development Computer software Reliability Computer security Softwareentwicklung (DE-588)4116522-6 gnd |
subject_GND | (DE-588)4116522-6 |
title | Secure and resilient software development |
title_auth | Secure and resilient software development |
title_exact_search | Secure and resilient software development |
title_full | Secure and resilient software development Mark S. Merkow ; Lakshmikanth Raghawan |
title_fullStr | Secure and resilient software development Mark S. Merkow ; Lakshmikanth Raghawan |
title_full_unstemmed | Secure and resilient software development Mark S. Merkow ; Lakshmikanth Raghawan |
title_short | Secure and resilient software development |
title_sort | secure and resilient software development |
topic | Computer software Development Computer software Reliability Computer security Softwareentwicklung (DE-588)4116522-6 gnd |
topic_facet | Computer software Development Computer software Reliability Computer security Softwareentwicklung |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=020630190&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT merkowmarks secureandresilientsoftwaredevelopment AT raghawanlakshmikanth secureandresilientsoftwaredevelopment |