Software Security

Learn application security from the very start with this comprehensive and approachable guide. Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures.

Immerse yourself in the world of software security with the new eBook "Secure Development." This comprehensive guide provides meticulous insights into the creation of secure, resilient applications, addressing common misconceptions and guiding you through the foundations of application security. Learn to understand, anticipate, and mitigate application attacks, and master the basic principles of creating a robust defense system for your software. Delve into the specifics of secure designing that can inhibit cyber attackers from exploiting your application. From minimizing the attack surface...

As a public good, open-source software is supported by diverse and wide-ranging communities—which are composed of individual maintainers, non-profit software foundations, and corporate stewards. CISA must integrate into and support these communities, with a particular focus on the critical OSS components that the federal government and critical infrastructure systems rely upon.

In this comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of sustaining resilience in complex software systems by using the principles and practices of security chaos engineering. By preparing for adverse events, you can ensure they don't disrupt your ability to innovate, move quickly, and achieve your engineering and business goals.

Dive into the world of programming with "The Art of C Programming" - a comprehensive guide that will empower you to unleash the full potential of the powerful C programming language. If you're a beginner embarking on your coding journey or an experienced programmer seeking to improve your skills, this eBook has got you covered! The Art of C Programming meticulously takes you through a vast range of C programming concepts that cover everything from syntax, datatypes, and variables, to advanced topics such as multithreading, networking applications, and graphical user interfaces. This ...

This fact sheet will assist with better management of risk from OSS use in OT products and increase resilience using available resources. While several resources and recommendations within this fact sheet are best suited for execution by the vendor or the critical infrastructure owner, collaboration across parties will result in less friction for operator workflows and promote a safer, more reliable system and provision of National Critical Functions.

Modern society relies heavily on software-based automation, implicitly trusting developers to write software that operates in the expected way and cannot be compromised for malicious purposes. While developers often perform rigorous testing to prepare the logic in software for surprising conditions, exploitable software vulnerabilities are still frequently based on memory issues. Examples include overflowing a memory buffer and leveraging issues with how software allocates and de-allocates memory.

A former US Navy intelligence officer, David Locke Hall was a federal prosecutor when a bizarre-sounding website, CRACK99, came to his attention. It looked like Craigslist on acid, but what it sold was anything but amateurish: thousands of high-tech software products used largely by the military, and for mere pennies on the dollar. Want to purchase satellite tracking software? No problem. Aerospace and aviation simulations? No problem. Communications systems designs? No problem.

Unmitigated vulnerabilities in the software supply chain continue to pose a significant risk to organizations and our nation. This paper builds on the previously released Recommended Practices Guide for a software supply chain’s development, production and distribution, and management processes, to further increase the resiliency of these processes against compromise.

The dramatic increase in cyber compromises over the past five years, specifically of software supply chains, prompted intense scrutiny of measures to strengthen the resilience of supply chains for software used throughout government and critical infrastructure. Several policies and working groups at multiple levels within the U.S. Government focus on this need to ensure the authenticity, integrity, and trustworthiness of software products.

Remote access software and tools comprise a broad array of capabilities used to maintain and improve IT, operational technology (OT), and industrial control systems (ICS) services; they allow a proactive and flexible approach for organizations to remotely oversee networks, computers, and other devices.