The first guide to tackle security architecture at the software
engineering level
Computer security has become a critical business concern, and, as
such, the responsibility of all IT professionals. In this
groundbreaking book, a security expert with AT&T Business's
renowned Network Services organization explores system security
architecture from a software engineering perspective. He explains
why strong security must be a guiding principle of the development
process and identifies a common set of features found in most
security products, explaining how they can and should impact the
development cycle. The book also offers in-depth discussions of
security technologies, cryptography, database security, application
and operating system security, and more.
About the author
JAY RAMACHANDRAN is a certified architect and security expert at AT&T, involved in enterprise security architecture and development. Over the past eight years, he has developed software and evaluated tools for security assurance, auditing, and management for many mission-critical network systems. He coordinated architecture reviews for operations support systems for AT&T's core network for two years, and currently teaches workshops on systems architecture and network security. Jay holds a PhD from Ohio State University.
Jacket text
Tackling security architecture from a software engineering perspective
With the growth of the Internet, computer security is rapidly becoming a critical business concern. In turn, as security becomes the responsibility of all IT professionals, companies must rethink the way software is built to have confidence that their mission-critical applications are protected and the privacy and integrity of their data are maintained. In this groundbreaking book, Jay Ramachandran, a security expert with AT&T's renowned Network Services organization, explores system security architecture from a software engineering viewpoint. He explains why strong security must be a guiding principle of the development process, describes how to weave security into a system's architecture, and identifies common patterns of implementation found in most security products. This book is an essential reference for software architects and engineers integrating security products into their applications to satisfy corporate security requirements.
Offering in-depth discussions of security principles, software process, and security technologies for cryptography, application, database, and operating system security, this book covers:
Enterprise security management, including a case study on how to build financial business cases to justify security costs
Wiley Computer Publishing
Contents
Preface
Acknowledgments
PART I: ARCHITECTURE AND SECURITY
Chapter 1. Architecture Reviews
Chapter 2. Security Assessments
Chapter 3. Security Architecture Basics
Chapter 4. Architecture Patterns in Security
PART II: LOW-LEVEL ARCHITECTURE
Chapter 5. Code Review
Chapter 6. Cryptography
Chapter 7. Trusted Code
Chapter 8. Secure Communications
PART III: MID-LEVEL ARCHITECTURE
Chapter 9. Middleware Security
Chapter 10. Web Security
Chapter 11. Application and OS Security
Chapter 12. Database Security
PART IV: HIGH-LEVEL ARCHITECTURE
Chapter 13. Security Components
Chapter 14. Security and Other Architectural Goals
Chapter 15. Enterprise Security Architecture
PART V: BUSINESS CASES AND SECURITY
Chapter 16. Building Business Cases for Security
Conclusion
Glossary
Bibliography
Index