The Security Development Lifecycle
Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum.
Table of contents
- The Need for the SDL
- Enough Is Enough: The Threats Have Changed
- Current Software Development Methods Fail to Produce Secure Software
- A Short History of the SDL at Microsoft
- SDL for Management
- The Security Development Lifecycle Process
- Stage 0: Education and Awareness
- Stage 1: Project Inception
- Stage 2: Define and FollowDesign Best Practices
- Stage 3: Product Risk Assessment
- Stage 4: Risk Analysis
- Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
- Stage 6: Secure Coding Policies
- Stage 7: Secure Testing Policies
- Stage 8: The Security Push
- Stage 9: The Final Security Review
- Stage 10: Security Response Planning
- Stage 11: Product Release
- Stage 12: Security Response Execution
- SDL Reference Material
- Integrating SDL with Agile Methods
- SDL Banned Function Calls
- SDL Minimum Cryptographic Standards
- SDL-Required Tools and Compiler Options
- Threat Tree Patterns
| Pages : | 348 |
| Size : | 20.7 MB |
| File type : | |
| Downloads: | 55 |
| Created: | 2022-02-03 |
| License: | Open Publication License |
| Author(s): | Michael Howard, Steve Lipner |
Others security Tutorials
Demystifying Internet of Things Security
Rational Cybersecurity for Business
Guide to Computer Network Security, 4th Edition
Web Application Security for Dummies - Qualys Limited Edition
Others related eBooks about The Security Development Lifecycle
Full Listing of Port NumbersYou will find in this document a complete list of TCP and UDP ports with their descriptions, free pdf file in 13 pages for downloading....
Guide to Computer Network SecurityDownload free course Guide to Computer Network Security, pdf file on 572 pages by Joseph Migga Kizza....
Industrial InternetDownload free course Industrial Internet, pdf file on 51 pages by Jon Bruner....
IP Tunneling and VPNs TutorialThe objective of this course is to learn Virtual Private Network (VPN) fundamental and to overview tunneling techniques used for implementation of VPNs. Free pdf tutorial in PDF in 78 pages designed to beginners students....
Networking with the Micro:bitDownload free course Networking with the Micro:bit, pdf file on 73 pages by Cigdem Sengul, Anthony Kir....
Secrets of Network Cartography: A Comprehensive Guide to NmapDownload free eBook about Network cryptography and Nmap, Secrets of Network Cartography: A Comprehensive Guide to Nmap....
Secrets of Network Cartography: A Comprehensive Guide to NmapEver wonder which Nmap scan was the right one to use? Thirteen different Nmap scans are profiled, with advantages, disadvantages, and usage guidelines for each one. Each scan method includes graphical scan descriptions and packet-by-packet analysis! - Nmap's operating system fingerprinting can pro...
Platform Embedded Security Technology RevealedDownload free course Platform Embedded Security Technology Revealed, pdf file on 263 pages by Xiaoyu Ruan....
Download Hacking tutorial in PDFThis tutorial is about testing penetration and ethical hacking, designed to students. Free training document in PDF under 47 pages by Dr. Bruce V. Hartley....
Cisco ACE to NginxDownload free course Cisco ACE to Nginx, pdf file on 51 pages by Faisal Memon....