Description:
The first guide to tackle security architecture at the software engineering level

Computer security has become a critical business concern, and, as such, the responsibility of all IT professionals. In this groundbreaking book, a security expert with AT&T Business's renowned Network Services organization explores system security architecture from a software engineering perspective. He explains why strong security must be a guiding principle of the development process and identifies a common set of features found in most security products, explaining how they can and should impact the development cycle. The book also offers in-depth discussions of security technologies, cryptography, database security, application and operating system security, and more.
Preface
Acknowledgments

PART I: ARCHITECTURE AND SECURITY
Chapter 1. Architecture Reviews
Chapter 2. Security Assessments
Chapter 3. Security Architecture Basics
Chapter 4. Architecture Patterns in Security

PART II: LOW-LEVEL ARCHITECTURE
Chapter 5. Code Review
Chapter 6. Cryptography
Chapter 7. Trusted Code
Chapter 8. Secure Communications

PART III: MID-LEVEL ARCHITECTURE
Chapter 9. Middleware Security
Chapter 10. Web Security
Chapter 11. Application and OS Security
Chapter 12. Database Security

PART IV: HIGH-LEVEL ARCHITECTURE
Chapter 13. Security Components
Chapter 14. Security and Other Architectural Goals
Chapter 15. Enterprise Security Architecture

PART V: BUSINESS CASES AND SECURITY
Chapter 16. Building Business Cases for Security

Conclusion
Glossary
Bibliography
Index