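Authors: Zhang Renbin, Xie Zhao, Wu Kewei (chief editors)
Pages: 345
Publisher: Publishing House of Electronics Industry
Publication date: 2024
ISBN: 9787121476082
E-book formats: pdf/epub/txt
Cloud-drive download link: Download "Software Security: Theory and Practice"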
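Synopsis
This book follows the software life cycle and is guided by software security risk assessment, risk control techniques, software security evaluation metrics, and software security capability maturity metrics. It integrates security concepts, security models, and security methods with the common software process models, and systematically presents the principles and methods for assuring software security at every stage of development. Coverage includes the processes and commonly used methods for security requirements analysis, secure design, secure coding, security testing, and secure configuration and software hardening during deployment and operations. The book is intended as a comprehensive guide to secure software development and to build security awareness among software developers, with the aim of reducing or eliminating software security problems, improving software's resistance to attack and its trustworthiness, and supporting the adoption of software across fields and industries. It is suitable for undergraduates majoring in computer science and technology, software engineering, cyberspace security, and information security at colleges and universities, as well as for other students in software-development-related fields and for software development practitioners.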
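About the author
Zhang Renbin is an associate professor at the School of Computer Science and Information Engineering, Hefei University of Technology. In 2004 he took part in building the university's newly established information security program and taught the course "Computer Viruses and Anti-Virus". He has since served as lead lecturer or practical instructor for a number of courses, including "Computer Network Systems Practice", "Network Engineer Comprehensive Training", "Software Security", "Introduction to the Information Security Major", and "Comprehensive Design of System and Software Security". He was chief editor of one national "Eleventh Five-Year Plan" textbook (Computer Viruses and Anti-Virus Technology, first chief editor) and one Anhui Province "Eleventh Five-Year Plan" textbook (Practical Course for the Network and Information Security Course Series, second chief editor), and contributed to two other textbooks. He led the Anhui Provincial Department of Education teaching research project "Teaching Research and Practice in Computer Viruses and Network Attack and Defense" and the virtual simulation experimental teaching project "Virtual Simulation Experimental Teaching of Industrial Control Network Attack and Defense"; led 8 Anhui Province annual key projects; participated in 13 provincial and municipal science and technology research projects and 863 Program projects; and has published more than 20 academic papers.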
Table of Contents
Chapter 1 Software and Software Security
1.1 Scope of Software Security
1.1.1 Definitions of Software and Software Security
1.1.2 Software Defects and Vulnerabilities
1.1.3 Classification of Software Vulnerabilities
1.1.4 Relationship Between Software Security and Other Kinds of Security
1.2 Current State of Software Security
1.2.1 Overall State of Software Security
1.2.2 Current State of System Software Security
1.2.3 Current State of Application Software Security
1.2.4 Current State of Open-Source Software Security
1.3 Root Causes of Security Incidents
1.3.1 Software Vulnerabilities Are the Focus of Security Problems
1.3.2 Causes of Software Vulnerabilities
1.4 Approaches and Methods for Mitigating Software Security Problems
1.4.1 Basic Strategies for Mitigating Software Security Problems
1.4.2 Engineering Methods for Mitigating Software Security Problems
1.4.3 The Path to Standardized and Normalized Solutions for Software Security Problems
1.4.4 Technical Explorations and Measures for Mitigating Software Security Problems
Practical Tasks
Task 1: Relative Path Attack
Task 2: SQL Injection Attack
Review Questions
Chapter 2 Engineering Approaches to Software Security
2.1 Overview of Software Engineering
2.1.1 The Development of Software
2.1.2 The Software Crisis
2.1.3 Software Engineering
2.1.4 Software Life Cycle
2.2 Software Process Models
2.2.1 Waterfall Model
2.2.2 Rapid Prototyping Model
2.2.3 Incremental Model
2.2.4 Spiral Model
2.2.5 Microsoft MSF Process Model
2.3 Software Quality and Software Security Properties
2.3.1 Software Quality
2.3.2 Security Properties of Software
2.3.3 Relationship Between Software Security Properties and Software Quality