Security


Secure Coding

Easily avoided software defects are a primary cause of commonly exploited software vulnerabilities. The CERT/CC has observed, through an analysis of thousands of vulnerability reports, that most vulnerabilities stem from a relatively small number of common programming errors. By identifying insecure coding practices and developing secure alternatives, software developers can take practical steps to reduce or eliminate vulnerabilities before deployment.



CERT Resources for Developers

Articles Of Interest 

Security in Software Engineering

An article about maintaining security principles in the software engineering process.
www.acm.org/crossroads/columns/onpatrol/may2001.html

Software Engineering for Security: a Roadmap (PDF)

Almost every software controlled system faces threats from potential adversaries, from Internet-aware client applications running on PCs, to complex telecommunications and power systems accessible over the Internet, to commodity software with copy protection mechanisms. Software engineers must be cognizant of these threats and engineer systems with credible defenses, while still delivering value to customers.

General Information about Network Security

Abrams, Marshall D.; Podell, Harold J.; and Jajodia, Sushil. Information Security: An Integrated Collection of Essays. Los Alamitos, CA: IEEE Computer Society Press, 1995.

Ahuja, Vijay. Network and Internet Security. Boston, MA: AP Professional, 1996.

Allen, Julia H. The CERT® Guide to System and Network Security Practices. Boston, MA: Addison-Wesley, 2001.

Anderson, Ross J. Security Engineering: A Guide to Building Dependable Distributed Systems. New York, NY: John Wiley & Sons, 2001.

Atkinson, Randall J. "Toward a More Secure Internet." IEEE Computer 30, 1 (Jan. 1997): 57-61.

Bosselaers, Antoon, and Preneel, Bart. Integrity Primitives for Secure Information Systems: Final Report of RACE Integrity Primitives Evaluation RIPE-RACE 1040. Lecture Notes in Computer Science: 1007. Berlin and New York: Springer, 1995.

Cohen, Frederick B. Protection and Security on the Information Superhighway. New York, NY: Wiley, 1995.

Comer, Douglas E. Internetworking with TCP/IP, volume 1: principles, protocols, and architecture. Third Edition. New York, NY: Prentice-Hall, 1995.

Davis, Peter T., ed. Securing Client/Server Computer Networks. New York, N.Y.: McGraw-Hill, 1996.

Denning, D.E. Information Warfare and Security. New York, N.Y: Addison-Wesley Publishing Company, Inc., 1999.

Denning, P.J. and Denning, D.E. Internet Besieged: Countering Cyberspace Scofflaws. New York, N.Y: Addison-Wesley Publishing Company, Inc., 1998.

F-Secure Corporation. F-Secure Corporation's Data Security Summary for 2004. Available at http://www.f-secure.com/2004/.

Gollmann, Dieter. Computer Security. Chichester, England: John Wiley & Sons, 1999.

Howard, Michael & LeBlanc, David. Writing Secure Code. Redmond: Microsoft Press, 2002.

Kaufman, C.; Perlman, R.; and Speciner, M. Network Security: Private Communication in a Public World. Englewood Cliffs, NJ: PTR Prentice-Hall, Inc., 1995.

Kyas, O. Internet Security, Risk Analysis, Strategies and Firewalls. Boston, MA: Int'l Thompson, 1997.

McGraw, Gary, and Felten, Edward W. Java Security. New York: John Wiley and Sons, Inc., 1996.

Mirkovic, Dietrich, Dittrich, and Reiher. Internet Denial of Service Attack and Defense Mechanisms. New York, NY: Prentice Hall PTR, 2005. Available at http://www.phptr.com.

NCSC. Glossary of Computer Security Terms. Ft. George G. Meade, MD: National Computer Security Center: Washington, DC: For sale by the Supt. of Docs., U.S. G.P.O., 1989.

National Research Council. Computers at Risk: Safe Computing in the Information Age. Washington, D.C.: National Academy Press, 1991.

Pfleeger, Charles P. Security in Computing (Second Edition). Upper Saddle River, NJ: Prentice Hall, 1997.

Ryan, Peter, Steve Schneider, et al. Modelling and Analysis of Security Protocols. Harlow, England: Addison-Wesley, 2001.

Schneider, Fred B. ed. Trust in Cyberspace. Washington, DC: National Academy Press, 1999.

Schwartau, Winn. Time-Based Security. Seminole, FL: Interpact Press, 1999.

Stevens, W. Richard. TCP/IP Illustrated, Volume 1: The Protocols. Reading, MA: Addison-Wesley, 1994.

Summers, Rita C. Secure Computing. New York, NY: McGraw-Hill, 1997.

Wadlow, Thomas A. The Process of Network Security. Reading, MA: Addison-Wesley, 2000.

© 1996-2007  Optima Consulting All rights reserved