SDL FOR AGILE

Agile Development Using Microsoft Security Development Lifecycle

Microsoft has developed the SDL for Agile process to integrate critical security practices into the Agile methodology. The SDL for Agile Development guidance reorganizes the SDL's security practices into three categories: Every-Sprint practices, Bucket practices, and One-Time practices.

Bucket practices: Important security practices that must be completed on a regular basis but can be spread across multiple sprints during the project lifetime.


1. TRAINING
  1. Core Security Training

2. REQUIREMENTS
  1. Establish Security Requirements
  2. Create Quality Gates/Bug Bars
  3. Perform Security and Privacy Risk Assessments

3. DESIGN
  1. Establish Design Requirements
  2. Perform Attack Surface Analysis/Reduction
  3. Use Threat Modelling

4. IMPLEMENTATION
  1. Use Approved Tools
  2. Deprecate Unsafe Functions
  3. Perform Static Analysis

5. VERIFICATION
  1. Perform Dynamic Analysis
  2. Perform Fuzz Testing
  3. Conduct Attack Surface Review

6. RELEASE
  1. Create an Incident Response Plan
  2. Conduct Final Security Review
  3. Certify Release and Archive

7. RESPONSE
  1. Execute Incident Response Plan