Secure and Resilient Software

Secure and Resilient Software: Requirements, Test Cases, and Testing Methods provides a comprehensive set of requirements for secure and resilient software development and operation. It supplies documented test cases for those requirements as well as best practices for testing nonfunctional requirements for improved information assurance. This resource-rich book includes:

• Pre-developed nonfunctional requirements that can be reused for any software development project
• Documented test cases that go along with the requirements and can be used to develop a Test Plan for the software
• Testing methods that can be applied to the test cases provided
• A CD with all security requirements and test cases as well as MS Word versions of the checklists, requirements, and test cases covered in the book

Offering ground-level, already-developed software nonfunctional requirements and corresponding test cases and methods, this book will help to ensure that your software meets its nonfunctional requirements for security and resilience. The accompanying CD filled with helpful checklists and reusable documentation provides you with the tools needed to integrate security into the requirements analysis, design, and testing phases of your software development lifecycle.

Some Praise for the Book:

This book pulls together the state of the art in thinking about this important issue in a holistic way with several examples. It takes you through the entire lifecycle from conception to implementation … .
—Doug Cavit, Chief Security Strategist, Microsoft Corporation

…provides the reader with the tools necessary to jump-start and mature security within the software development lifecycle (SDLC).
—Jeff Weekes, Sr. Security Architect at Terra Verde Services

… full of useful insights and practical advice from two authors who have lived this process. What you get is a tactical application security roadmap that cuts through the noise and is immediately applicable to your projects.
—Jeff Williams, Aspect Security CEO and Volunteer Chair of the OWASP Foundation

Table of Contents

Chapter 1: Introduction
Chapter 2: Nonfunctional Requirements (NFRs) in Context
Chapter 3: Resilience and Quality Considerations for Application Software and the Application Runtime Environment
Chapter 4: Security Requirements for Application Software
Chapter 5: Security Services for the Application Operating Environment
Chapter 6: Software Design Considerations for Security and Resilience
Chapter 7: Best Practices for Converting Requirements to Secure Software Designs
Chapter 8: Security Test Cases
Chapter 9: Testing Methods and Best Practices
Chapter 10: Connecting the Moving Parts