Security for Software Engineers

Security for Software Engineers is designed to introduce security concepts to undergraduate software engineering students. The book is divided into four units, each targeting activities that a software engineer will likely be involved in within industry. The book explores the key areas of attack vectors, code hardening, privacy, and social engineering. Each topic is explored from a theoretical and a practical-application standpoint. Features: targets software engineering students - one of the only security texts to target this audience; focuses on the white-hat side of the security equation rather than the black-hat side; includes many practical and real-world examples that easily translate into the workplace; covers a one-semester undergraduate course; describes all aspects of computer security as it pertains to the job of a software engineer and presents problems similar to that which an engineer will encounter in the industry. This text will equip students to make knowledgeable security decisions, be productive members of a security review team, and write code that protects a user's information assets. -- Provided by publisher. Read more... Abstract: Security for Software Engineers is designed to introduce security concepts to undergraduate software engineering students. The book is divided into four units, each targeting activities that a software engineer will likely be involved in within industry. The book explores the key areas of attack vectors, code hardening, privacy, and social engineering. Each topic is explored from a theoretical and a practical-application standpoint. Features: targets software engineering students - one of the only security texts to target this audience; focuses on the white-hat side of the security equation rather than the black-hat side; includes many practical and real-world examples that easily translate into the workplace; covers a one-semester undergraduate course; describes all aspects of computer security as it pertains to the job of a software engineer and presents problems similar to that which an engineer will encounter in the industry. This text will equip students to make knowledgeable security decisions, be productive members of a security review team, and write code that protects a user's information assets. -- Provided by publisher Cover......Page 1 Half Title......Page 2 Title Page......Page 4 Copyright Page......Page 5 Table of Contents......Page 6 Unit 0: Introduction to Security......Page 7 Chapter 00: Security for Software Engineers......Page 8 Chapter 01: Roles......Page 12 Unit 1: Attack Vectors......Page 27 Chapter 02: Classification of Attacks......Page 28 Chapter 03: Software Weapons......Page 57 Chapter 04: Social Engineering......Page 75 Unit 2: Code Hardening......Page 107 Chapter 05: Command Injection......Page 108 Chapter 06: Script Injection......Page 126 Chapter 07: Memory Injection......Page 143 Chapter 08: Threat Modeling......Page 176 Chapter 09: Mitigation......Page 197 Unit 3: Privacy......Page 215 Chapter 10: Authentication......Page 219 Chapter 11: Access Control......Page 241 Chapter 12: Encryption......Page 274 Appendix......Page 308 Appendix A: Arrays......Page 309 Appendix B: Function Pointers......Page 310 Appendix C: V-Tables......Page 312 Appendix D: Integers......Page 314 Appendix E: The Callstack......Page 317 Appendix F: The Heap......Page 328 Appendix G: Further Reading......Page 334 Appendix H: Works Cited......Page 337 Appendix I: Glossary......Page 340 Appendix J: Index......Page 349 Society has the need for secure software tools. Unfortunately, many of these tools are not built with security in mind or are not developed with attention to security issues. If all software engineers were fluent in the principles described in this book, security breaches and malware outbreaks would be a less common topic in our news today.