Security for software engineers

Security for Software Engineers is designed to introduce security concepts to undergraduate software engineering students. The book is divided into four units, each targeting activities that a software engineer will likely be involved in within industry. The book explores the key areas of attack vectors, code hardening, privacy, and social engineering. Each topic is explored from a theoretical and a practical-application standpoint. Features: targets software engineering students - one of the only security texts to target this audience; focuses on the white-hat side of the security equation rather than the black-hat side; includes many practical and real-world examples that easily translate into the workplace; covers a one-semester undergraduate course; describes all aspects of computer security as it pertains to the job of a software engineer and presents problems similar to that which an engineer will encounter in the industry. This text will equip students to make knowledgeable security decisions, be productive members of a security review team, and write code that protects a user's information assets. -- Provided by publisher. Read more... Abstract: Security for Software Engineers is designed to introduce security concepts to undergraduate software engineering students. The book is divided into four units, each targeting activities that a software engineer will likely be involved in within industry. The book explores the key areas of attack vectors, code hardening, privacy, and social engineering. Each topic is explored from a theoretical and a practical-application standpoint. Features: targets software engineering students - one of the only security texts to target this audience; focuses on the white-hat side of the security equation rather than the black-hat side; includes many practical and real-world examples that easily translate into the workplace; covers a one-semester undergraduate course; describes all aspects of computer security as it pertains to the job of a software engineer and presents problems similar to that which an engineer will encounter in the industry. This text will equip students to make knowledgeable security decisions, be productive members of a security review team, and write code that protects a user's information assets. -- Provided by publisher Content: Introduction to Security -- Security for Software Engineers -- Roles -- Unit 1: Attack Vectors: Classification of Attacks -- Software Weapons -- Social Engineering -- Unit 2: Code Hardening: Command Injection -- Script Injection -- Memory Injection -- Threat Modeling -- Mitigation -- Unit 3: Privacy: Authentication -- Access Control -- Encryption -- Appendices: Appendix A: Arrays -- Appendix B: Function Pointers -- Appendix C: V-Tables -- Appendix D: Integers -- Appendix E: The Callstack -- Appendix F: The Heap -- Appendix G: Further Reading -- Appendix H: Works Cited -- Appendix I: Glossary -- Appendix J: Index Society has the need for secure software tools. Unfortunately, many of these tools are not built with security in mind or are not developed with attention to security issues. If all software engineers were fluent in the principles described in this book, security breaches and malware outbreaks would be a less common topic in our news today.