Showing posts with the label "EC Council CASE"

EC Council CASE.NET (312-95) Notes: Module 2 Terms and Definitions

Importance of Gathering Security Requirements

Security Requirements

Software security requirements are non-functional requirements, which need to be addressed to maintain the confidentiality, integrity and availability of the application. Stakeholders often overlook security requirements during the inception phase of software development. This negligence may result in the application being vulnerable to different types of attacks or getting abused. Gathering security requirements should be part of the strategic application development process.

Stakeholders: those who take part in the communication meetings
negligence: carelessness

Gathering Security Requirements

Eliciting software security requirements takes a different approach. They should be enumerated separately from the functional requirements so that they can be reviewed and tested separately. Mixing security requirements with functional requirements can make the security requirement gathering process more complicated and inaccurate.

Eliciting: drawing out, uncovering
enumerated: listed

Why We Need Different...

EC Council CASE.NET (312-95) Notes: Module 1 Terms and Definitions

English terms frequently encountered when reading the course material

General:

Cont'd: abbreviation of "continue"
Secure Development Life Cycle (common abbreviations: SDLC, SDL)
Vulnerabilities: weaknesses, security holes
Confidentiality: secrecy
Integrity: completeness, intactness
Availability: (continuous) accessibility and usability
exploit: taking advantage of a vulnerability
Intrusion: break-in
Authentication: verification, certification (Who you are, Verifies credentials)
Authorization: granting of permission (Access resource different level roles, Grants or denies permissions)
defend: protect against
legitimate: lawful
hijacking: seizing control
manipulation: controlling, steering
fraud: deception, cheating
theft: stealing
privileges: special rights
tampering: unauthorized alteration
Forgery: counterfeiting (imitation)
victim: the injured party
negligence: carelessness
Failure: lack of success
flaws: defects
malware: malicious software

SDL or SDLC (Software Development Life Cycle)

Module 01 Understanding Application Security, Threats, and Attacks

"A vulnerability in an application will allow a malicious user to exploit a network or a host" Carlos Lyons

It's a common myth that perimeter security controls such as firewall, IDS can secure your application but it's not true as these controls are not effective to d...

EC Council CASE(CERTIFIED APPLICATION SECURITY ENGINEER)

EC-Council (The International Council of Electronic Commerce Consultants) is made up of members of several international professional organizations, such as professors and lecturers from Harvard University, the City University of New York, the University of California, and Central Queensland University in Australia, as well as business people working in e-commerce, along with representatives from internationally known organizations such as Microsoft, IBM, SONY, and Cisco. It is an organization dedicated to promoting e-commerce solutions and information security, and is responsible for the related certification programs, education and training, consulting services, and member benefits.

Who is an Application Security Engineer?

An Application Security Engineer is a professional with essential and fundamental skills to develop secure and robust applications. Secure programmers have mastery and skills to code securely, identify common application flaws, and debug the errors.

Become a Certified Application Security Engineer (CASE)

The CASE certification is a perfect title for application security engineers, analysts, testers, and anyone with exposure to any phase of SDLC. Holding this title proves capabilities to build secure applications that are robust enough to meet today's challenging operational environment by focusing not just on secure coding, but much more.

CASE .Net Certification: The CASE .Net certification is intended f...