The security development lifecycle :
Howard, Michael, 1965-
The security development lifecycle : SDL, a process for developing demonstrably more secure software / Michael Howard and Steve Lipner. - Redmond, Wash. : Microsoft Press, c2006. - xxii, 320 p. : ill. ; 23 cm. + 1 CD-ROM (4 3/4 in.). - Secure software development series .
Includes bibliographical references and index.
Chapter 1: Enough Is Enough: The Threats Have Changed -- Chapter 2: Current Software Development Methods Fail to Produce Secure Software -- Chapter 3: A Short History of the SDL at Microsoft -- Chapter 4: SDL for Management -- Chapter 5: Stage 0: Education and Awareness -- Chapter 6: Stage 1: Project Inception -- Chapter 7: Stage 2: Define and Follow Design Best Practices -- Chapter 8: Stage 3: Product Risk Assessment -- Chapter 9: Stage 4: Risk Analysis -- Chapter 10: Stage 5: Creating Security Documents, Tools, and Best Practices for Customers -- Chapter 11: Stage 6: Secure Coding Policies -- Chapter 12: Stage 7: Secure Testing Policies -- Chapter 13: Stage 8: The Security Push -- Chapter 14: Stage 9: The Final Security Review -- Chapter 15: Stage 10: Security Response Planning -- Chapter 16: Stage 11: Product Release -- Chapter 17: Stage 12: Security Response Execution -- Chapter 18: Integrating SDL with Agile Methods -- Chapter 19: SDL Banned Function Calls -- Chapter 20: SDL Minimum Cryptographic Standards -- Chapter 21: SDL-Required Tools and Compiler Options -- Chapter 22: Threat Tree Patterns.
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization. With expert insights, this introduction to the Security Development Lifecycle (SDL) provides you with a history of the methodology and guides you through each stage of the proven process--from design to release--that helps minimize security defects. The software industry has been struggling with how to create and release software that is more security-enhanced and reliable--the Security Development Lifecycle (SDL) provides a methodology that works. Adapted from Microsoft's standard development process, SDL is a critical way to help reduce the number of security defects in code at every stage of the development process, from design to release. In addition to a brief history of the methodology, this book details each stage of the SDL methodology and discusses its implementation across a range of Microsoft software, including Microsoft Windows ServerTM 2003, Microsoft SQL ServerTM 2000 Service Pack 3, and Microsoft Exchange Server 2003 Service Pack 1, to help measurably improve security features. Coauthored by Michael Howard and Steve Lipner, you get direct access to insights from Microsoft's security team and lessons that are repeatable and applicable to software development processes worldwide, whether on a small-scale or large-scale. This book includes a CD featuring videos of developer training classes.
9780735622142
2006924466
Computer software -- Development.
Computer security.
Computer software -- Reliability.
005.8
The security development lifecycle : SDL, a process for developing demonstrably more secure software / Michael Howard and Steve Lipner. - Redmond, Wash. : Microsoft Press, c2006. - xxii, 320 p. : ill. ; 23 cm. + 1 CD-ROM (4 3/4 in.). - Secure software development series .
Includes bibliographical references and index.
Chapter 1: Enough Is Enough: The Threats Have Changed -- Chapter 2: Current Software Development Methods Fail to Produce Secure Software -- Chapter 3: A Short History of the SDL at Microsoft -- Chapter 4: SDL for Management -- Chapter 5: Stage 0: Education and Awareness -- Chapter 6: Stage 1: Project Inception -- Chapter 7: Stage 2: Define and Follow Design Best Practices -- Chapter 8: Stage 3: Product Risk Assessment -- Chapter 9: Stage 4: Risk Analysis -- Chapter 10: Stage 5: Creating Security Documents, Tools, and Best Practices for Customers -- Chapter 11: Stage 6: Secure Coding Policies -- Chapter 12: Stage 7: Secure Testing Policies -- Chapter 13: Stage 8: The Security Push -- Chapter 14: Stage 9: The Final Security Review -- Chapter 15: Stage 10: Security Response Planning -- Chapter 16: Stage 11: Product Release -- Chapter 17: Stage 12: Security Response Execution -- Chapter 18: Integrating SDL with Agile Methods -- Chapter 19: SDL Banned Function Calls -- Chapter 20: SDL Minimum Cryptographic Standards -- Chapter 21: SDL-Required Tools and Compiler Options -- Chapter 22: Threat Tree Patterns.
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization. With expert insights, this introduction to the Security Development Lifecycle (SDL) provides you with a history of the methodology and guides you through each stage of the proven process--from design to release--that helps minimize security defects. The software industry has been struggling with how to create and release software that is more security-enhanced and reliable--the Security Development Lifecycle (SDL) provides a methodology that works. Adapted from Microsoft's standard development process, SDL is a critical way to help reduce the number of security defects in code at every stage of the development process, from design to release. In addition to a brief history of the methodology, this book details each stage of the SDL methodology and discusses its implementation across a range of Microsoft software, including Microsoft Windows ServerTM 2003, Microsoft SQL ServerTM 2000 Service Pack 3, and Microsoft Exchange Server 2003 Service Pack 1, to help measurably improve security features. Coauthored by Michael Howard and Steve Lipner, you get direct access to insights from Microsoft's security team and lessons that are repeatable and applicable to software development processes worldwide, whether on a small-scale or large-scale. This book includes a CD featuring videos of developer training classes.
9780735622142
2006924466
Computer software -- Development.
Computer security.
Computer software -- Reliability.
005.8