Software Security Analysis: an Example Case Study
This chapter presents an example outlining the process and results of a software security risk analysis. Unlike other types of security risk analyses, a software security analysis focuses on the design and implementation of the online application rather than the network and physical environment in which the application is deployed. An example is used to illustrate the benefits of a software security risk analysis and demonstrate how software security extends and complements conventional security and business risk analyses.
Unable to display preview. Download preview PDF.
- [Arkin, et al., 1999]Arkin, B., Hill, F., Marks, S., McGraw, G., Schmid M., and Walls, T. “How We Learned to Cheat at Online Poker: A Study in Software Security.” Developer.com: Tech Focus, (September 28, 1999).Google Scholar
- [Craft, et al., 1998]Craft, R., Wyss, G., Vandewart, R., and Funkhouser, D. “An Open Framework for Risk Management.” Proc. 21rst NISSC (1998).Google Scholar
- [Goldberg and Wagner, 1996]Goldberg, I. and Wagner, D. “Randomness and the Netscape Browser.” Dr. Dobbs Journal, (January, 1996.)Google Scholar
- [Meritt, 1999]Meritt, J. “A Method for Quantitative Risk Analysis.” Proc. 22nd NISSC (1999).Google Scholar
- [Meritt, 1998]Meritt, J. “Risk Management.” Proc. 21rst NISSC (1998).Google Scholar
- [Schneier, 1996]Schneier, B. Applied Cryptography (Second Edition). John Wiley and Sons, 1996.Google Scholar