LEADER 04873nam 22006375 450
001 9910770247303321
005 20231215134611.0
010 $a3-031-42212-0
024 7 $a10.1007/978-3-031-42212-6
035 $a(MiAaPQ)EBC31021849
035 $a(Au-PeEL)EBL31021849
035 $a(DE-He213)978-3-031-42212-6
035 $a(EXLCZ)9929403468400041
100 $a20231215d2024 u| 0
101 0 $aeng
135 $aurcnu||||||||
181 $ctxt$2rdacontent
182 $cc$2rdamedia
183 $acr$2rdacarrier
200 10$aCyberSecurity in a DevOps Environment$b[electronic resource] $eFrom Requirements to Monitoring /$fedited by Andrey Sadovykh, Dragos Truscan, Wissam Mallouli, Ana Rosa Cavalli, Cristina Seceleanu, Alessandra Bagnato
205 $a1st ed. 2024.
210 1$aCham :$cSpringer Nature Switzerland :$cImprint: Springer,$d2024.
215 $a1 online resource (329 pages)
311 08$aPrint version: Sadovykh, Andrey CyberSecurity in a DevOps Environment Cham : Springer,c2024 9783031422119
327 $aPart I: Security Requirements Engineering -- 1. A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs -- 2. Natural Language Processing with Machine Learning for Security Requirements Analysis - Practical Approaches -- 3. Security Requirements Formalisation with RQCODE -- Part II: Prevention at Development Time -- 4. Vulnerability Detection and Response: Current Status and New Approaches -- 5. Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems -- 6. Interactive Application Security Testing with Hybrid Fuzzing and Statistical Estimators -- Part III: Protection at Operations -- 7. CTAM: a tool for Continuous Threat Analysis and Management -- 8. EARLY - a tool for real-time security attack detection -- 9. A Stream-Based Approach to Intrusion Detection -- 10. Towards Anomaly Detection using Explainable AI.
330 $aThis book provides an overview of software security analysis in a DevOps cycle including requirements formalisation, verification and continuous monitoring. It presents an overview of the latest techniques and tools that help engineers and developers verify the security requirements of large-scale industrial systems and explains novel methods that enable a faster feedback loop for verifying security-related activities, which rely on techniques such as automated testing, model checking, static analysis, runtime monitoring, and formal methods. The book consists of three parts, each covering a different aspect of security engineering in the DevOps context. The first part, "Security Requirements", explains how to specify and analyse security issues in a formal way. The second part, "Prevention at Development Time", offers a practical and industrial perspective on how to design, develop and verify secure applications. The third part, "Protection at Operations", eventually introduces tools for continuous monitoring of security events and incidents. Overall, it covers several advanced topics related to security verification, such as optimizing security verification activities, automatically creating verifiable specifications from security requirements and vulnerabilities, and using these security specifications to verify security properties against design specifications and generate artifacts such as tests or monitors that can be used later in the DevOps process. The book aims at computer engineers in general and does not require specific knowledge. In particular, it is intended for software architects, developers, testers, security professionals, and tool providers, who want to define, build, test, and verify secure applications, Web services, and industrial systems.
606 $aSoftware engineering
606 $aData protection
606 $aComputer programs$xTesting
606 $aCooperating objects (Computer systems)
606 $aSoftware Engineering
606 $aData and Information Security
606 $aSoftware Testing
606 $aCyber-Physical Systems
615 0$aSoftware engineering.
615 0$aData protection.
615 0$aComputer programs$xTesting.
615 0$aCooperating objects (Computer systems).
615 14$aSoftware Engineering.
615 24$aData and Information Security.
615 24$aSoftware Testing.
615 24$aCyber-Physical Systems.
676 $a005.10289
700 $aSadovykh$b Andrey$01460300
701 $aTruscan$b Dragos$01460301
701 $aMallouli$b Wissam$01460302
701 $aCavalli$b Ana Rosa$0867218
701 $aSeceleanu$b Cristina$01378505
701 $aBagnato$b Alessandra$01460303
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910770247303321
996 $aCyberSecurity in a DevOps Environment$93660163
997 $aUNINA