Security

Resources

• Secure Software Development and Maintenance

  • To design security into software, one must take into consideration every stage of the software development lifecycle. In particular, secure software development involves software requirements security, software design security, software construction security, and software testing security.

    • Software Development Life Cycle

      • Stages / Processes

        1. Planning / Requirements / Specification

           • cost benefits

        2. Design

        3. Building / Implementation / Construction

        4. Testing / Validation

        5. Deployment

        6. Maintenance / Evolution

      • Models

        1. Waterfall

        2. Agile

      • SWEBOK Ch. 13 Section 3.1 The Programming Process

      • Analogy to Math: Appendix B - Figure A1

  • SEI CERT Coding Standards

  • Top 10 Secure Coding Practices

• Other Computer Security Concerns

  • Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves

  • Social Engineering csoonline

  • Password techniques

    • What is Your Password?

  • What Happens When You Dare Expert Hackers To Hack You (11:34)

  • Phishing Quiz

  • Anti-virus software

    • Do you really need it? No Yes

    • AV Comparatives independent tests

      • Awards

  • uBlock Origin - free and open-source, cross-platform browser extension for content-filtering, including ad-blocking

  • Tor Browser - web broswer that anonymizes your web traffic, making it easy to protect your identity online

    • What is the Tor Browser? And how it can help protect your identity csoonline

    • Video (2:17)

  • Encryption

  • Cryptography with Python

    • • Caesar Cipher

  • Security

    • Information Security - wikipedia

      • CIA Triad

  • Microsoft Digital Literacy

    • Working with Computers and Devices

      • 4. Keeping Your Computer Secure and Updated

17. Secure Software Development and Maintenance

17.1. Software Requirements Security

17.2. Software Design Security

17.3. Software Construction Security

17.4. Software Testing Security

17.5. Build Security into Software Engineering Process

17.6. Software Security Guidelines

• • 1. Validate input.

  • 2. Heed compiler warnings.

    • Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code.

    • Use static and dynamic analysis tools to detect and eliminate additional security flaws.

    • Code inspections in PyCharm

  • 3. Architect and design for security policies.

  • 4. Keep it simple.

  • 5. Default deny.

  • 6. Adhere to the principle of least privilege.

  • 7. Sanitize data sent to other software.

  • 8. Practice defense in depth.

  • 9. Use effective quality assurance techniques.

  • 10. Adopt a software construction security standard.