The Security Development Lifecycle
Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum.
Table of contents
- The Need for the SDL
- Enough Is Enough: The Threats Have Changed
- Current Software Development Methods Fail to Produce Secure Software
- A Short History of the SDL at Microsoft
- SDL for Management
- The Security Development Lifecycle Process
- Stage 0: Education and Awareness
- Stage 1: Project Inception
- Stage 2: Define and FollowDesign Best Practices
- Stage 3: Product Risk Assessment
- Stage 4: Risk Analysis
- Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
- Stage 6: Secure Coding Policies
- Stage 7: Secure Testing Policies
- Stage 8: The Security Push
- Stage 9: The Final Security Review
- Stage 10: Security Response Planning
- Stage 11: Product Release
- Stage 12: Security Response Execution
- SDL Reference Material
- Integrating SDL with Agile Methods
- SDL Banned Function Calls
- SDL Minimum Cryptographic Standards
- SDL-Required Tools and Compiler Options
- Threat Tree Patterns
| Pages : | 348 |
| Size : | 20.7 MB |
| File type : | |
| Downloads: | 33 |
| Created: | 2022-02-03 |
| License: | Open Publication License |
| Author(s): | Michael Howard, Steve Lipner |
Others security Tutorials
Web Application Security Guide
Guide to Computer Network Security, 4th Edition
Web Application Security for Dummies - Qualys Limited Edition
Others related eBooks about The Security Development Lifecycle
Network Security TutorialDownload free Network Security Tutorial in PDF for beginners (Network Security Fundamentals, Why We Need Security, Definitions and Concepts)....
Security Infrastructure Technology for Integrated Utilization of Big DataDownload free course Security Infrastructure Technology for Integrated Utilization of Big Data, pdf file on 171 pages by Atsuko Miyaji, Tomoaki Mimoto....
802.11 WLAN Systems TutorialDownload free 802.11 WLAN Systems course material, tutorial training, a PDF in 53 pages by veriwave, free document designated to intermediate level users....
Beginner's Guide to IP AddressesDownload free IP Adresses Beginner's Tutorial course material by ICANN on 12 pages....
Managing Risk and Information SecurityDownload free course Managing Risk and Information Security, pdf file on 152 pages by Malcolm Harkins....
Industrial InternetDownload free course Industrial Internet, pdf file on 51 pages by Jon Bruner....
Introduction to Network securityDownload a free Network security training course material ,a PDF file unde 16 pages by Matt Curtin....
An Introduction to Computer NetworksDownload free course An Introduction to Computer Networks, pdf file on 896 pages by by Peter L Dordal....
Rational Cybersecurity for BusinessDownload free course Rational Cybersecurity for Business, pdf file on 349 pages by Dan Blum....
The Internet MythDownload free course The Internet Myth, pdf file on 169 pages by Paolo Bory....