Application Security: references
Articles:

- A. Anton, P. Hope, G. McGraw, “Misuse and Abuse Cases: Getting Past the Positive”, IEEE Security & Privacy, March 2004;
- Curphey, Araujo, “Web Application Security Assessment Tools”, IEEE Security & Privacy, Volume 4, Issue 4 (July 2006);
- B. Chess, G. McGraw, “Static Analysis for Security”, IEEE Security & Privacy, December 2004;
- Federal Information Processing Standard (FIPS) 199, “Standards for Security Categorization of Federal Information and Information Systems”, 2004;
- G. McGraw, “Software Security”, IEEE Security & Privacy, February 2004;
- G. McGraw, B. Potter, “Software Security Testing”, IEEE Security & Privacy, May 2004;
- G. McGraw, D. Verdon, “Risk Analysis in Software Design”, IEEE Security & Privacy, April 2004;
- Vaclav Rajlich, “Changing the paradigm of software engineering”, Communications of the ACM, Volume 49, Issue 8 (August 2006);
- NIST, “Security Considerations in the Information SDLC”, SP 800-64 Rev. 1, 2004;
Books:
- Gary McGraw, “Software Security: Building Security In”, Addison-Wesley Software Security Series, 2006;
- M.G. Graff, K.R. van Wyk, “Secure Coding: Principles & Practices”, O'Reilly Pub, 2003;
- M. Howard, D. LeBlanc, J. Viega, “19 Deadly Sins of Software Security”, McGraw-Hill Osborne Media, July 26, 2005;
- D. LeBlanc, M. Howard, “Writing Secure Code 2”, Microsoft Press, 2003;
- Brian Chess, “Secure Programming with Static Analysis”, Addison-Wesley Software Security Series, 2007
On the web:

- OWASP LAPSE Project
- Fortify Taxonomy: Software Security Errors
- Findbugs
- Fortify SCA
- OWASP Testing Project
- OWASP Top 10 2007