









Some concepts of Building Secure Software are Anti-Phishing Software, Architectural Risk Analysis, Awareness and Training, Buffer Overflows, Wikipedia, Building Secure Software, Command Injection, Independence in Multiversion Programming. Main points of this lecture are: Code Review, External Review, Security Requirements, Risk Analysis, Abuse Cases, Requirements, Architecture, Test Plans, Code, Feedback.
Typology: Slides










Software security touchpoints, applied to the software artifacts of the development lifecycle (numbered in order of effectiveness; External Review spans all of them):

Requirements and use cases: 5. Abuse cases; 6. Security requirements
Architecture and design: 2. Risk analysis
Test plans: 4. Risk-based security tests
Code: 1. Code review (tools)
Tests and test results: 2. Risk analysis; 3. Penetration testing
Feedback from the field: 7. Security operations
Code review:
- Optimizes the number of detected vulnerabilities (70-90 %)
- Review rate (code/hour): faster is not better; the rate should be judged by the number of vulnerabilities detected, not by lines covered
- Efficiency drops after about an hour of intense work
- Encourages developers to "double-check" their work
- Reduces the number of vulnerabilities in the code
- External metrics: e.g., reduced number of support calls; internal metrics: e.g., defect rate
- Prevents omissions of important security components
- Needs good collaborative review of software
- Supports team building and acceptance of the process