-
What Does ‘Secure Software’ Mean?
-
Who Is The Typical Attacker?
-
TLS Vs. SSL
-
Section 1: Core Security Concepts
-
Chapter 1: Quality Attributes
-
Chapter 2: Holistic Security
-
Chapter 3: A Good Security Profile
-
Chapter 4: Confidentiality
-
Chapter 5: Encryption
-
Chapter 6: Integrity
-
Chapter 7: Business Continuity
-
Chapter 8: Service Level Agreements
-
Chapter 9: Availability
-
Chapter 10: Authentication
-
Chapter 11: Authorization
-
Chapter 12: Accountability
-
Chapter 13: Least Privilege
-
Chapter 14: Separation Of Duties
-
Chapter 15: Defense In Depth
-
Chapter 16: Fail Secure
-
Chapter 17: Economy Of Mechanisms
-
Chapter 18: Complete Mediation
-
Chapter 19: Open Design
-
Chapter 20: Least Common Mechanisms
-
Chapter 21: Psychological Acceptability
-
Chapter 22: Weakest Link
-
Chapter 23: Leveraging Existing Components
-
Chapter 24: The Attack Surface
-
Chapter 25: OWASP
-
Chapter 26: Controls
-
Chapter 27: Open Systems Interconnection Reference Model
-
Section 2: Secure Software Development
-
Chapter 28: The DevOps Role
-
Chapter 29: The Infrastructure Role
-
Chapter 30: The DBA Role
-
Chapter 31: The Development Role
-
Chapter 32: The Product Role
-
Chapter 33: The Architect Role
-
Chapter 34: The Engineering Management Role
-
Chapter 35: The Testing Role
-
Chapter 36: The Project Role
-
Chapter 37: The Security Role
-
Chapter 38: The Change Management Role
-
Chapter 39: The Auditor Role
-
Section 3: Secure Supply Chain Management
-
Chapter 40: Acquisition Models
-
Chapter 41: Threats To Supply Chain Software
-
Chapter 42: Software Supply Chain Risk Management (SCRM)
-
Chapter 43: Acquisition Lifecycle
-
Chapter 44: Step 1 - Planning
-
Chapter 45: Step 2 - Contracting
-
Chapter 46: Step 3 - Development And Testing
-
Chapter 47: Step 4 - Acceptance
-
Chapter 48: Step 5 - Delivery
-
Chapter 49: Step 6 - Deployment
-
Chapter 50: Step 7 - Operations And Monitoring
-
Chapter 51: Step 8 - Retirement
