Enterprise Software Security
A Confluence of Disciplines
(Addison-Wesley Software Security Series)
Traditional approaches to securing software are inadequate. The solution: Bring software engineering and network security teams together in a new, holistic approach to protecting the entire enterprise. In Enterprise Software Security, Mark Graff, Kenneth vanWyk, Dan Peters, and Diane Burley, Ph.D., explain why this “confluence” is so crucial, and show how to implement it in your organization.
Writing for all software and security practitioners and leaders, they show how software can play a vital, active role in protecting an organization. Readers learn how to construct software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response in sophisticated new ways. The authors cover the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. They also provide a full chapter of advice specifically for Chief Information Security Officers and other enterprise security executives.
Enterprise Software Security delivers indispensable big-picture guidance, and specific, high-value recommendations readers can apply right now.
Secure Coding
Principles & Practices
Secure Coding, by Mark Graff and Ken vanWyk, has been used at dozens of universities around the world to teach how to design and build secure software-based systems. Secure Coding looks at the problem of bad code in a new way. Packed with advice based on the authors’ decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn’t easy, and there are no quick fixes to bad code.