The Security Development Lifecycle

SDL: A Process for Developing Demonstrably More Secure Software

by Michael Howard, Steve Lipner


Book Description

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs - the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL - from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

This open book is licensed under an Open Publication License (OPL). You can download The Security Development Lifecycle ebook for free in PDF format (20.7 MB).

Table of Contents

Part I: The Need for the SDL
- Chapter 1: Enough Is Enough: The Threats Have Changed
- Chapter 2: Current Software Development Methods Fail to Produce Secure Software
- Chapter 3: A Short History of the SDL at Microsoft
- Chapter 4: SDL for Management

Part II: The Security Development Lifecycle Process
- Chapter 5: Stage 0: Education and Awareness
- Chapter 6: Stage 1: Project Inception
- Chapter 7: Stage 2: Define and Follow Design Best Practices
- Chapter 8: Stage 3: Product Risk Assessment
- Chapter 9: Stage 4: Risk Analysis
- Chapter 10: Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
- Chapter 11: Stage 6: Secure Coding Policies
- Chapter 12: Stage 7: Secure Testing Policies
- Chapter 13: Stage 8: The Security Push
- Chapter 14: Stage 9: The Final Security Review
- Chapter 15: Stage 10: Security Response Planning
- Chapter 16: Stage 11: Product Release
- Chapter 17: Stage 12: Security Response Execution

Part III: SDL Reference Material
- Chapter 18: Integrating SDL with Agile Methods
- Chapter 19: SDL Banned Function Calls
- Chapter 20: SDL Minimum Cryptographic Standards
- Chapter 21: SDL-Required Tools and Compiler Options
- Chapter 22: Threat Tree Patterns

Book Details

- Publisher: Microsoft Press
- Published: 2006
- Pages: 348
- Edition: 1
- Language: English
- ISBN13 Digital: 9780735622142
- ISBN10 Digital: 0735622140
- PDF Size: 20.7 MB
- License: Open Publication License
