|The Security Development Lifecycle
The Security Development Lifecycle: A Process for Developing Demonstrably More Secure Software
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, practical history of the SDL, and lessons to help you implement the SDL in any development organization.
Discover how to:
Use a streamlined risk-analysis process to find security design issues before code is committed.
Apply secure-coding best practices and a proven testing process
Conduct a final security review before a product ships
Arm customers with prescriptive guidance to configure and deploy your product more securely.
Establish a plan to respond to new security vulnerabilities
Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum
About the Authors
Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques.
Steve Lipner, CISSP, is Microsoft’s senior director of Security Engineering Strategy. He is responsible for defining and updating the Security Development Lifecycle and has pioneered numerous security techniques.