The Security Development Lifecycle
SDL: A Process for Developing Demonstrably More Secure Software
by Michael Howard, Steve Lipner
DescriptionTable of ContentsDetailsHashtagsReport an issue
Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum. 
Book Description
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs - the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL - from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum.
This open book is licensed under a Open Publication License (OPL). You can download The Security Development Lifecycle ebook for free in PDF format (20.7 MB).
Table of Contents
Part I
The Need for the SDL
Chapter 1
Enough Is Enough: The Threats Have Changed
Chapter 2
Current Software Development Methods Fail to Produce Secure Software
Chapter 3
A Short History of the SDL at Microsoft
Chapter 4
SDL for Management
Part II
The Security Development Lifecycle Process
Chapter 5
Stage 0: Education and Awareness
Chapter 6
Stage 1: Project Inception
Chapter 7
Stage 2: Define and FollowDesign Best Practices
Chapter 8
Stage 3: Product Risk Assessment
Chapter 9
Stage 4: Risk Analysis
Chapter 10
Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
Chapter 11
Stage 6: Secure Coding Policies
Chapter 12
Stage 7: Secure Testing Policies
Chapter 13
Stage 8: The Security Push
Chapter 14
Stage 9: The Final Security Review
Chapter 15
Stage 10: Security Response Planning
Chapter 16
Stage 11: Product Release
Chapter 17
Stage 12: Security Response Execution
Part III
SDL Reference Material
Chapter 18
Integrating SDL with Agile Methods
Chapter 19
SDL Banned Function Calls
Chapter 20
SDL Minimum Cryptographic Standards
Chapter 21
SDL-Required Tools and Compiler Options
Chapter 22
Threat Tree Patterns
Book Details
Title
The Security Development Lifecycle
Subject
Computer Science
Publisher
Microsoft Press
Published
2006
Pages
348
Edition
1
Language
English
ISBN13 Digital
9780735622142
ISBN10 Digital
0735622140
PDF Size
20.7 MB
License
Open Publication License
Related Books
Platform Embedded Security Technology Revealed is an in-depth introduction to Intel's platform embedded solution: the security and management engine. The engine is shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones. The engine realizes advanced security and management functionalities and protects appl...
When you explore a new technology landscape, the journey can take you to places you never expected. Take O'Reilly's CTO, Andrew Odewahn. While working on ideas for a new publishing platform, Andrew kept notes as he probed the depth and breadth of what we call the "distributed development stack" (DDS).
As patterns emerged, and...
This book provides end-to-end guidance on the Docker application development lifecycle with Microsoft tools and services while providing an introduction to Docker development concepts for readers who might be new to the Docker ecosystem. This way, anyone can understand the global picture and start planning development projects based on Docker and M...
This open access volume is the first comprehensive assessment of the Hindu Kush Himalaya (HKH) region. It comprises important scientific research on the social, economic, and environmental pillars of sustainable mountain development and will serve as a basis for evidence-based decision-making to safeguard the environment and advance people's w...
This open access volume explores how UN peace operations are adapting to four trends in the changing global order: (1) the rebalancing of relations between states of the global North and the global South; (2) the rise of regional organisations as providers of peace; (3) the rise of violent extremism and fundamentalist non-state actors; and (4) incr...
Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth.
The IoT presents unique challenges in implementing security and Inte...