Johannes Sametinger, "Software Security", in: IEEE ECBS 2013, 20th Annual IEEE International Conference and Workshops on the Engineering of Computer Based Systems (ECBS), Phoenix AZ, 22-24 April 2013, 4-2013
Original Title:
Software Security
Language of the Title:
English
Original Book Title:
IEEE ECBS 2013, 20th Annual IEEE International Conference and Workshops on the Engineering of Computer Based Systems (ECBS), Phoenix AZ, 22-24 April 2013.
Original Abstract:
The importance of IT security is beyond doubt. Data, computer and network security are essential for any business or organization. Software security, however, all too often remains out of focus, both from a developer's and from a user's point of view. As a motivation, we will first consider various current security issues taken from the media and point out where software security has played a significant role. We will then present a thorough introduction to software security. We will differentiate software security from IT security, network security, computer security, and also from software safety. Prominent examples of software security bugs are buffer overflows, SQL injection and cross-site scripting. We explain the basic ideas behind such vulnerabilities, give recent examples where these bugs have occurred, and describe the damage they have caused. Next, we will differentiate security bugs from security flaws and again give recent examples. Mitigation issues will be viewed from two different perspectives, from the developer's point of view and from the end-user's point of view. What does it take to develop secure software? For developers, we will introduce the security touch points, the security development life-cycle, and issues of secure coding. For end-users, we will present a recent case study that demonstrates the importance of software updates. However, technical aspects are not sufficient to guarantee security. A real-world example will remind us that humans remain the weakest link in the security chain.