The Security Development Lifecycle: SDL, a Process for Developing Demonstrably More Secure Software

Front Cover
Microsoft Press, 2006 - Computers - 320 pages

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs--the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL--from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:

  • Use a streamlined risk-analysis process to find security design issues before code is committed
  • Apply secure-coding best practices and a proven testing process
  • Conduct a final security review before a product ships
  • Arm customers with prescriptive guidance to configure and deploy your product more securely
  • Establish a plan to respond to new security vulnerabilities
  • Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

Includes a CD featuring:

  • A six-part security class video conducted by the authors and other Microsoft security experts
  • Sample SDL documents and fuzz testing tool

PLUS--Get book updates on the Web.

For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.

From inside the book

 

39 pages matching database in this book

Where's the rest of this book?

Results 1-3 of 39

Contents

The Need for the
1
Current Software Development Methods Fail
17
The Security Development Lifecycle Process
50
Copyright

28 other sections not shown

Common terms and phrases

Agile methods algorithms application AppVerif attack surface authentication buffer overrun build CERT Chapter code reviews compiler component configuration create cryptographic customers data flow data store database default development team DFD Element documentation encryption engineering example Execution exploit external entity feature Final Security Review function fuzz testing Howard important information disclosure Internet issues LeBlanc Microsoft NET Microsoft Windows mitigations MSDN MSRC NET Framework operating system Pet Shop 4.0 potential privilege product team protect protocol release response center response process Risk level Safe CRT Secure Code secure software Security Advisor security and privacy security bugs security bulletins Security Development Lifecycle security push security researchers security response security testing security update security vulnerabilities software development source-code analysis tools Spoofing SQL Server strncpy StrSafe Table threat models Threat tree Trustworthy Computing valid Visual Studio 2005 vulnerability report Windows Server 2003

About the author (2006)

Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and the coauthor of The Software Security Development Lifecycle. Michael has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press. Steve Lipner, CISSP, is the senior director of Security Engineering Strategy for Microsoft. He is responsible for defining and updating the Security Development Lifecycle and has pioneered numerous security techniques. Steve has over 35 years' experience as a researcher, development manager, and general manager in IT security.

Bibliographic information

TitleThe Security Development Lifecycle: SDL, a Process for Developing Demonstrably More Secure Software
Best practices
Developer Best Practices Series
ITPro collection
Microsoft Press Series
Safari Books Online
Secure software development series
AuthorsMichael Howard, Steve Lipner
Editionillustrated
PublisherMicrosoft Press, 2006
Original fromthe University of California
DigitizedApr 12, 2011
ISBN0735622140, 9780735622142
Length320 pages
Subjects ›  › 

Computers / Operating Systems / Windows Desktop
Computers / Security / Cryptography & Encryption
Computers / Security / General
  
Export CitationBiBTeX EndNote RefMan