Sharks in the Moat: How to Create Truly Secure Software

  • Introduction
  •     What Exactly Is A ‘Moat Shark’?
  •     What Does ‘Secure Software’ Mean?
  •     Who Is The Typical Attacker?
  •     TLS Vs. SSL
  • Section 1: Castle Warfare
  •     Chapter 1: Outer Defenses
  •     Chapter 2: Wall Defenses
  •     Chapter 3: Defending The Gateways
  •     Chapter 4: Other Defenses
  •     Chapter 5: The Attack
  •     Chapter 6: Types Of Security Controls
  • Section 2: Core Security Concepts
  •     Chapter 7: Quality Attributes
  •     Chapter 8: Holistic Security
  •     Chapter 9: A Good Security Profile
  •     Chapter 10: Confidentiality
  •     Chapter 11: Encryption
  •     Chapter 12: Integrity
  •     Chapter 13: Business Continuity
  •     Chapter 14: Service Level Agreements
  •     Chapter 15: Availability
  •     Chapter 16: Authentication
  •     Chapter 17: Authorization
  •     Chapter 18: Accountability
  •     Chapter 19: Least Privilege
  •     Chapter 20: Separation Of Duties
  •     Chapter 21: Defense In Depth
  •     Chapter 22: Fail Secure
  •     Chapter 23: Economy Of Mechanisms
  •     Chapter 24: Complete Mediation
  •     Chapter 25: Open Design
  •     Chapter 26: Least Common Mechanisms
  •     Chapter 27: Psychological Acceptability
  •     Chapter 28: Weakest Link
  •     Chapter 29: Leveraging Existing Components
  •     Chapter 30: The Attack Surface
  •     Chapter 31: OWASP
  •     Chapter 32: Controls
  •     Chapter 33: Open Systems Interconnection Reference Model
  • Section 3: Secure Software Development
  •     Chapter 34: The DevOps Role
  •     Chapter 35: The Infrastructure Role
  •     Chapter 36: The DBA Role
  •     Chapter 37: The Development Role
  •     Chapter 38: The Product Role
  •     Chapter 39: The Architect Role
  •     Chapter 40: The Engineering Management Role
  •     Chapter 41: The Testing Role
  •     Chapter 42: The Project Role
  •     Chapter 43: The Security Role
  •     Chapter 44: The Change Management Role
  •     Chapter 45: The Auditor Role
  • Section 4: Secure Supply Chain Management
  •     Chapter 46: Acquisition Models
  •     Chapter 47: Threats To Supply Chain Software
  •     Chapter 48: Software Supply Chain Risk Management (SCRM)
  •     Chapter 49: Acquisition Lifecycle
  •     Chapter 50: Step 1 - Planning
  •     Chapter 51: Step 2 - Contracting
  •     Chapter 52: Step 3 - Development And Testing
  •     Chapter 53: Step 4 - Acceptance
  •     Chapter 54: Step 5 - Delivery
  •     Chapter 55: Step 6 - Deployment
  •     Chapter 56: Step 7 - Operations And Monitoring
  •     Chapter 57: Step 8 - Retirement