Security Software Development: Assessing and Managing Security Risks

Threats to application security continue to evolve just as quickly as the systems that protect against cyber-threats. In many instances, traditional firewalls and other conventional controls can no longer get the job done. The latest line of defense is to build security features into software as it is being developed.

Drawing from the author’s extensive experience as a developer, Secure Software Development: Assessing and Managing Security Risks illustrates how software application security can be best, and most cost-effectively, achieved when developers monitor and regulate risks early on, integrating assessment and management into the development life cycle. This book identifies the two primary reasons for inadequate security safeguards: Development teams are not sufficiently trained to identify risks; and developers falsely believe that pre-existing perimeter security controls are adequate to protect newer software. Examining current trends, as well as problems that have plagued software security for more than a decade, this useful guide:

• Outlines and compares various techniques to assess, identify, and manage security risks and vulnerabilities, with step-by-step instruction on how to execute each approach
• Explains the fundamental terms related to the security process
• Elaborates on the pros and cons of each method, phase by phase, to help readers select the one that best suits their needs

Despite decades of extraordinary growth in software development, many open-source, government, regulatory, and industry organizations have been slow to adopt new application safety controls, hesitant to take on the added expense. This book improves understanding of the security environment and the need for safety measures. It shows readers how to analyze relevant threats to their applications and then implement time- and money-saving techniques to safeguard them.

About the Author

Douglas A. Ashbaugh is a Certified Information Systems Security Professional (CISSP) and member of the International Information Systems Security Certification Consortium (ISC2), as well as a Certified Information Systems Auditor (CISA) and member of the Information Systems Audit and Control Association (ISACA). Mr. Ashbaugh is also the manager of information assurance for Software Engineering Services (SES) where he leads a team of dedicated information security analysts in providing security strategy and solutions, evaluation and assessment services, application security services, and security remediation services to corporate as well as various federal, state, and municipal government clients.

A dedicated information security professional, Mr. Ashbaugh has extensive experience in project management, application development, and information security. His 18+ years of information systems experience in both government and commercial environments provides a solid foundation to achieve outstanding results. He has a Bachelor of Science in engineering operations from Iowa State University. He served eight years in the U.S. Air Force as an acquisition project officer performing project management duties on a number of different development projects ranging in size from $50,000 to $3 billion. He has also worked as a software developer/analyst for the financial services industry for a period of more than six years. For the past five years, Mr. Ashbaugh has been providing information security services to a number of clients for SES. SES provides leading-edge IT solutions to DoD, government, state agencies, and the private sector. Mr. Ashbaugh may be reached through the Iowa branch office of Software Engineering Services.