Gary McGraw's latest book, "Software Security: Building Security In", is now released. It is a great, informative read; I will blog more on it later. As with Gary's other works, it explores new territory on collaboration among key development stakeholders. This book has sections that are more accessible to non-developers, e.g. testers and BAs, making it all the more valuable. Some points discussed include:
- Code review using static analysis tools
- Architectural risk analysis
- Penetration testing
- Security testing
- Abuse case development
As I have said many times before, everyone talks about adding security into software, but few discuss practical techniques to do so. This book does.