In The Security Development Lifecycle (SDL), security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.
Topics included: Enough Is Enough: The Threats Have Changed • Current Software Development Methods Fail to Produce Secure Software • A Short History of the SDL at Microsoft • SDL for Management • Stage 0: Education and Awareness • Stage 1: Project Inception • Stage 2: Define and Follow Design Best Practices • Stage 3: Product Risk Assessment • Stage 4: Risk Analysis • Stage 5: Creating Security Documents, Tools, and Best Practices for Customers • Stage 6: Secure Coding Policies • Stage 7: Secure Testing Policies • Stage 8: The Security Push • Stage 9: The Final Security Review • Stage 10: Security Response Planning • Stage 11: Product Release • Stage 12: Security Response Execution • Integrating SDL with Agile Methods • SDL Banned Function Calls • SDL Minimum Cryptographic Standards • SDL-Required Tools and Compiler Options • Threat Tree Patterns.
Publisher: Microsoft Press
Published: June 2006
File size: 20.52 MB
Number of pages: 348