SREENIVASA INSTITUTE OF TECHNOLOGY AND MANAGEMENT STUDIES (Autonomous)
M. Tech II - Semester (Software Engineering)
13MSE025 SECURE SOFTWARE ENGINEERING
UNIT - 1: Why Is Security a Software Issue, What Makes Software Secure
Introduction - The problem - Software assurance and software security - Threats to software security - Sources of software insecurity - The benefits of detecting software security defects early - Managing secure software development - Defining properties of secure software - How to influence the security properties of software - How to assert and specify desired security properties
UNIT - 2: Requirements Engineering for Secure Software
The SQUARE process model - Identifying security requirements using the security quality requirements engineering (SQUARE) method - SQUARE sample outputs - Requirements elicitation - Requirements prioritization
UNIT - 3: Secure Software Architecture and Design, Considerations for Secure Coding and Testing
Software security practices for architecture and design - Architectural risk analysis - Software security knowledge for architecture and design - Security principles - Security guidelines and Attack patterns - Code analysis - Coding practices - Software security testing - Security testing considerations throughout the SDLC
UNIT - 4: Security and Complexity, System Assembly Challenges
Security failures - Functional and attacker perspectives for security analysis - System complexity drivers and security - Deep technical problem complexity
UNIT - 5: Governance, and Managing for More Secure Software & Security metrics
Governance and security - Adopting an enterprise software security framework - How much security is enough? - Security and project management - Maturity of practice - Defining security metrics - Diagnosing problems and measuring technical security - Analysis techniques: organize, aggregate and analyze data to bring out key insights
Text Books:
1. Software Security Engineering: A Guide for Project Managers, 1/e, May 2008, Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead, Addison-Wesley, India.
2. Security Metrics: Replacing Fear, Uncertainty, and Doubt, 1/e, 2007, Andrew Jaquith, Addison-Wesley, India.
Reference Books:
1. Integrating Security and Software Engineering: Advances and Future Vision, 1/e, 2006, Haralambos Mouratidis, Paolo Giorgini, IGI Global, India.
2. Software Security: Building Security In, 1/e, 2006, Gary McGraw, Addison-Wesley, India.
3. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, 1/e, 2006, Mark Dowd, John McDonald, Justin Schuh, Addison-Wesley, India.
4. Building Secure Software: How to Avoid Security Problems the Right Way, 1/e, 2006, John Viega, Gary McGraw, Addison-Wesley, India.
5. Writing Secure Code, 2/e, 2009, Michael Howard, D. LeBlanc, Microsoft Press, India.