
Introduction to Software Security Concepts

Chapter in: Innovative Technologies for Dependable OTS-Based Critical Systems

Abstract

The main problem faced by system administrators nowadays is the protection of data against unauthorized access or corruption caused by malicious actions. With the impressive growth of the Internet, software security has become a vital concern in any information infrastructure. Unfortunately, software security is still commonly misunderstood. This chapter presents key security concepts and provides the basis for understanding the existing challenges in developing and deploying secure software systems.




Correspondence to Marco Vieira.


© 2013 Springer-Verlag Italia


Cite this chapter

Vieira, M., Antunes, N. (2013). Introduction to Software Security Concepts. In: Cotroneo, D. (eds) Innovative Technologies for Dependable OTS-Based Critical Systems. Springer, Milano. https://doi.org/10.1007/978-88-470-2772-5_3


  • DOI: https://doi.org/10.1007/978-88-470-2772-5_3


  • Publisher Name: Springer, Milano

  • Print ISBN: 978-88-470-2771-8

  • Online ISBN: 978-88-470-2772-5

  • eBook Packages: Computer Science (R0)
