Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum.
Table of contents
- The Need for the SDL
- Enough Is Enough: The Threats Have Changed
- Current Software Development Methods Fail to Produce Secure Software
- A Short History of the SDL at Microsoft
- SDL for Management
- The Security Development Lifecycle Process
- Stage 0: Education and Awareness
- Stage 1: Project Inception
- Stage 2: Define and FollowDesign Best Practices
- Stage 3: Product Risk Assessment
- Stage 4: Risk Analysis
- Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
- Stage 6: Secure Coding Policies
- Stage 7: Secure Testing Policies
- Stage 8: The Security Push
- Stage 9: The Final Security Review
- Stage 10: Security Response Planning
- Stage 11: Product Release
- Stage 12: Security Response Execution
- SDL Reference Material
- Integrating SDL with Agile Methods
- SDL Banned Function Calls
- SDL Minimum Cryptographic Standards
- SDL-Required Tools and Compiler Options
- Threat Tree Patterns
Pages : | 348 |
Size : | 20.7 MB |
Downloads: | 56 |
Created: | 2022-02-03 |
License: | Open Publication License |
Author(s): | Michael Howard, Steve Lipner |
Others related eBooks about The Security Development Lifecycle
This is a series of lessons that's basic about the networking concepts, networking tools, security and countermeasures.
Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.
Download a free Network security training course material ,a PDF file unde 16 pages by Matt Curtin.
Download free course Managing Risk and Information Security, pdf file on 152 pages by Malcolm Harkins.
Use the guidance in this comprehensive field guide to gain the support of your top executi..., download free Cybersecurity tutorial in PDF (333 pages) created by Dan Blum .