Download free course The Security Development Lifecycle, pdf file on 348 pages by Michael Howard, Steve Lipner.
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs - the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL - from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.
Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum.
Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum.
Table of contents
- The Need for the SDL
- Enough Is Enough: The Threats Have Changed
- Current Software Development Methods Fail to Produce Secure Software
- A Short History of the SDL at Microsoft
- SDL for Management
- The Security Development Lifecycle Process
- Stage 0: Education and Awareness
- Stage 1: Project Inception
- Stage 2: Define and FollowDesign Best Practices
- Stage 3: Product Risk Assessment
- Stage 4: Risk Analysis
- Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
- Stage 6: Secure Coding Policies
- Stage 7: Secure Testing Policies
- Stage 8: The Security Push
- Stage 9: The Final Security Review
- Stage 10: Security Response Planning
- Stage 11: Product Release
- Stage 12: Security Response Execution
- SDL Reference Material
- Integrating SDL with Agile Methods
- SDL Banned Function Calls
- SDL Minimum Cryptographic Standards
- SDL-Required Tools and Compiler Options
- Threat Tree Patterns
| Pages : | 348 |
| Size : | 20.7 MB |
| Downloads: | 90 |
| Created: | 2022-02-03 |
| License: | Open Publication License |
| Author(s): | Michael Howard, Steve Lipner |
Warning: Trying to access array offset on false in /home/tutovnfz/public_html/amp/article-amp.php on line 263
Others related eBooks about The Security Development Lifecycle
The cybersecurity action plan is a critical element of cybersecurity readiness. This tutorial explains what goes into these plans and how to start one.
Download free course Managing Risk and Information Security, pdf file on 152 pages by Malcolm Harkins.
Download free course Guide to Computer Network Security, pdf file on 572 pages by Joseph Migga Kizza.
Gone are the days when it was acceptable for a piece of software to live in its own little..., download free API Security tutorial in PDF (205 pages) created by .
Use the guidance in this comprehensive field guide to gain the support of your top executi..., download free Cybersecurity tutorial in PDF (333 pages) created by Dan Blum .