krainaksiazek building effective project teams 20107681
- 4 products found in 1 store
Art of Software Security Testing Addison-Wesley Educational Publishers Inc
Books / Foreign-language literature
"Risk-based security testing, the important subject of this book, is one of seven software security touchpoints introduced in my book, Software Security: Building Security In. This book takes the basic idea several steps forward. Written by masters of software exploit, this book describes in very basic terms how security testing differs from standard software testing as practiced by QA groups everywhere. It unifies in one place ideas from Michael Howard, David Litchfield, Greg Hoglund, and me into a concise introductory package. Improve your security testing by reading this book today." -Gary McGraw, Ph.D., CTO, Cigital; Author, Software Security, Exploiting Software, Building Secure Software, and Software Fault Injection; www.cigital.com/~gem
"As 2006 closes out, we will see over 5,000 software vulnerabilities announced to the public. Many of these vulnerabilities were, or will be, found in enterprise applications from companies who are staffed with large, professional, QA teams. How then can it be that these flaws consistently continue to escape even well-structured diligent testing? The answer, in part, is that testing still by and large only scratches the surface when validating the presence of security flaws. Books such as this hopefully will start to bring a more thorough level of understanding to the arena of security testing and make us all a little safer over time." -Alfred Huger, Senior Director, Development, Symantec Corporation
"Software security testing may indeed be an art, but this book provides the paint-by-numbers to perform good, solid, and appropriately destructive security testing: proof that an ounce of creative destruction is worth a pound of patching later. If understanding how software can be broken is step one in every programmer's twelve-step program to defensible, secure, robust software, then knowledgeable security testing comprises at least steps two through six." -Mary Ann Davidson, Chief Security Officer, Oracle
"Over the past few years, several excellent books have come out teaching developers how to write more secure software by describing common security failure patterns. However, none of these books have targeted the tester whose job it is to find the security problems before they make it out of the R&D lab and into customer hands. Into this void comes The Art of Software Security Testing: Identifying Software Security Flaws. The authors, all of whom have extensive experience in security testing, explain how to use free tools to find the problems in software, giving plenty of examples of what a software flaw looks like when it shows up in the test tool. The reader learns why security flaws are different from other types of bugs (we want to know not only that 'the program does what it's supposed to,' but also that 'the program doesn't do that which it's not supposed to'), and how to use the tools to find them. Examples are primarily based on C code, but some description of Java, C#, and scripting languages help for those environments. The authors cover both Windows and UNIX-based test tools, with plenty of screenshots to see what to expect. Anyone who's doing QA testing on software should read this book, whether as a refresher for finding security problems, or as a starting point for QA people who have focused on testing functionality." -Jeremy Epstein, WebMethods
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the "bad guys" do. Drawing on decades of experience in application and penetration testing, this book's authors can help you transform your approach from mere "verification" to proactive "attack."
The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.
Coverage includes
* Tips on how to think the way software attackers think to strengthen your defense strategy
* Cost-effectively integrating security testing into your development lifecycle
* Using threat modeling to prioritize testing based on your top areas of risk
* Building testing labs for performing white-, grey-, and black-box software testing
* Choosing and using the right tools for each testing project
* Executing today's leading attacks, from fault injection to buffer overflows
* Determining which flaws are most likely to be exploited by real-world attackers
This book is indispensable for every technical professional responsible for software security: testers, QA specialists, security professionals, developers, and more. For IT managers and leaders, it offers a proven blueprint for implementing effective security testing or strengthening existing processes.
Foreword
Preface
Acknowledgments
About the Authors
Part I: Introduction
Chapter 1: Case Your Own Joint: A Paradigm Shift from Traditional Software Testing
Chapter 2: How Vulnerabilities Get Into All Software
Chapter 3: The Secure Software Development Lifecycle
Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling
Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing
Part II: Performing the Attacks
Chapter 6: Generic Network Fault Injection
Chapter 7: Web Applications: Session Attacks
Chapter 8: Web Applications: Common Issues
Chapter 9: Web Proxies: Using WebScarab
Chapter 10: Implementing a Custom Fuzz Utility
Chapter 11: Local Fault Injection
Part III: Analysis
Chapter 12: Determining Exploitability
Index
Continuous Delivery PEARSON
Books / Foreign-language literature
Winner of the 2011 Jolt Excellence Award!
Getting software released to users is often a painful, risky, and time-consuming process. This groundbreaking new book sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours, sometimes even minutes, no matter what the size of a project or the complexity of its code base.
Jez Humble and David Farley begin by presenting the foundations of a rapid, reliable, low-risk delivery process. Next, they introduce the "deployment pipeline," an automated process for managing all changes, from check-in to release. Finally, they discuss the "ecosystem" needed to support continuous delivery, from infrastructure, data and configuration management to governance. The authors introduce state-of-the-art techniques, including automated infrastructure management and data migration, and the use of virtualization. For each, they review key issues, identify best practices, and demonstrate how to mitigate risks.
Coverage includes
* Automating all facets of building, integrating, testing, and deploying software
* Implementing deployment pipelines at team and organizational levels
* Improving collaboration between developers, testers, and operations
* Developing features incrementally on large and distributed teams
* Implementing an effective configuration management strategy
* Automating acceptance testing, from analysis to implementation
* Testing capacity and other non-functional requirements
* Implementing continuous deployment and zero-downtime releases
* Managing infrastructure, data, components and dependencies
* Navigating risk management, compliance, and auditing
Whether you're a developer, systems administrator, tester, or manager, this book will help your organization move from idea to release faster than ever, so you can deliver value to your business rapidly and reliably.
Books / Foreign-language literature
Leaders of software-development projects face many challenges. First, you must produce a quality product on schedule and on budget. Second, you must foster and encourage a cohesive, motivated, and smoothly operating team. And third, you must maintain a clear and consistent focus on short- and long-term goals, while exemplifying quality standards and showing confidence and enthusiasm for your team and its efforts. Most importantly, as a leader, you need to feel and act responsible for your team and everything that it does. Accomplishing all these goals in a way that is rewarding for the leader and the team--while producing the results that management wants--is the motivation behind the Team Software Process (TSP).
Developed by renowned quality expert Watts S. Humphrey, TSP is a set of new practices and team concepts that helps developers take the CMM and CMMI Capability Maturity Models to the next level. Not only does TSP help make software more secure, it results in an average production gain of 68 percent per project. Because of their quality, timeliness, and security, TSP-produced products can be ten to hundreds of times better than other hardware or software.
In this essential guide to TSP, Humphrey uses his vast industry experience to show leaders precisely how to lead teams of software engineers trained in the Personal Software Process (PSP). He explores all aspects of effective leadership and teamwork, including building the right team for the job, the TSP launch process, following the process to produce a quality product, project reviews, and capitalizing on both the leader's and team's capabilities. Humphrey also illuminates the differences between an ineffective leader and a superb one with the objective of helping you understand, anticipate, and correct the most common leadership failings before they undermine the team.
An extensive set of appendices provides additional detail on TSP team roles and shows you how to use an organization's communication and command networks to achieve team objectives. Whether you are a new or an experienced team leader, TSP(SM): Leading a Development Team provides invaluable examples, guidelines, and suggestions on how to handle the many issues you and your team face together.
Scaling Software Agility Addison-Wesley Educational Publishers Inc
Books / Foreign-language literature
"Companies have been implementing large agile projects for a number of years, but the 'stigma' of 'agile only works for small projects' continues to be a frequent barrier for newcomers and a rallying cry for agile critics. What has been missing from the agile literature is a solid, practical book on the specifics of developing large projects in an agile way. Dean Leffingwell's book Scaling Software Agility fills this gap admirably. It offers a practical guide to large project issues such as architecture, requirements development, multi-level release planning, and team organization. Leffingwell's book is a necessary guide for large projects and large organizations making the transition to agile development." -Jim Highsmith, director, Agile Practice, Cutter Consortium, author of Agile Project Management
"There's tension between building software fast and delivering software that lasts, between being ultra-responsive to changes in the market and maintaining a degree of stability. In his latest work, Scaling Software Agility, Dean Leffingwell shows how to achieve a pragmatic balance among these forces. Leffingwell's observations of the problem, his advice on the solution, and his description of the resulting best practices come from experience: he's been there, done that, and has seen what's worked." -Grady Booch, IBM Fellow
Agile development practices, while still controversial in some circles, offer undeniable benefits: faster time to market, better responsiveness to changing customer requirements, and higher quality. However, agile practices have been defined and recommended primarily to small teams. In Scaling Software Agility, Dean Leffingwell describes how agile methods can be applied to enterprise-class development.
* Part I provides an overview of the most common and effective agile methods.
* Part II describes seven best practices of agility that natively scale to the enterprise level.
* Part III describes an additional set of seven organizational capabilities that companies can master to achieve the full benefits of software agility on an enterprise scale.
This book is invaluable to software developers, testers and QA personnel, managers and team leads, as well as to executives of software organizations whose objective is to increase the quality and productivity of the software development process but who are faced with all the challenges of developing software on an enterprise scale.
Foreword
Preface
Acknowledgments
About the Author
Part I: Overview of Software Agility
Chapter 1: Introduction to Agile Methods
Chapter 2: Why the Waterfall Model Doesn't Work
Chapter 3: The Essence of XP
Chapter 4: The Essence of Scrum
Chapter 5: The Essence of RUP
Chapter 6: Lean Software, DSDM, and FDD
Chapter 7: The Essence of Agile
Chapter 8: The Challenge of Scaling Agile
Part II: Seven Agile Team Practices That Scale
Chapter 9: The Define/Build/Test Component Team
Chapter 10: Two Levels of Planning and Tracking
Chapter 11: Mastering the Iteration
Chapter 12: Smaller, More Frequent Releases
Chapter 13: Concurrent Testing
Chapter 14: Continuous Integration
Chapter 15: Regular Reflection and Adaptation
Part III: Creating the Agile Enterprise
Chapter 16: Intentional Architecture
Chapter 17: Lean Requirements at Scale: Vision, Roadmap, and Just-in-Time Elaboration
Chapter 18: Systems of Systems and the Agile Release Train
Chapter 19: Managing Highly Distributed Development
Chapter 20: Impact on Customers and Operations
Chapter 21: Changing the Organization
Chapter 22: Measuring Business Performance
Conclusion: Agility Works at Scale
Bibliography
Index