소프트웨어 개발 프로세스 적용 보안 기술 동향

  • Published : 2016.01.18

Abstract

Keywords

References

  1. Gartner, Now is the time for security at Application Level.[Internet], https://www.sela.co.il/_Uploads/dbsAttachedFiles/GartnerNowIsTheTimeForSecurity.pdf.
  2. Department of Homel and Security, Practical Measurement Framework for Software Assurance and Information Security, http://buildsecurityin.us-cert.gov/.
  3. Microsoft, Introduction to the Microsoft Security Development Life cycle[Internet], http://www.microsoft.com/security/sdl
  4. McDermott, John, and Chris Fox. "Using abuse case models for security requirements analysis." Computer Security Applications Conference, 1999.(ACSAC'99) Proceedings. 15th Annual. IEEE, 1999.
  5. MCDERMOTT, John; FOX, Chris. Using abuse case models for security requirements analysis. In: Computer Security Applications Conference, 1999.(ACSAC'99) Proceedings. 15th Annual. IEEE, 1999. p. 55-64.
  6. Alexander, Ian. "Misuse cases: Use cases with hostile intent." Software, IEEE 20.1 (2003): 58-66.
  7. Dougherty, Chad R., Kirk Sayre, Robert Seacord, David Svoboda, and Kazuya Togashi. "Secure design patterns.", Carnegie Mellon University, March, 2009
  8. ms Threat Modeling, https://msdn.microsoft.com/en-us/library/ff648644.aspx
  9. Mitre, CWE./SANS Top 25[Internet], http://cwe.mitre.org/top25/.
  10. OWASPTop10,https://www.owasp.org/index.php/Top_10_2013-Top_10
  11. Hush, Mei-Chen, Timothy K. Tsai, and Ravishankar K.Iyer. "Fault injection techniques and tools." Computer 30.4, 1997, pp. 75-82. https://doi.org/10.1109/2.585157
  12. "Source code instrumentation overview" IBMwebsite, http://www-01.ibm.com/support/knowledgecenter/#!/SSSHUF_8.0.0/com.ibm.rational.testrt.doc/topics/cinstruovw.html