SDL for Agile
Agile Development Using Microsoft Security Development Lifecycle
Microsoft has developed the SDL for Agile process to integrate critical security practices into the Agile methodology. The SDL for Agile Development guidance reorganizes security practices into three categories: Every-Sprint practices, Bucket practices, and One-Time practices.
One-Time practices: Foundational security practices that must be established once at the start of every new Agile project.
  1. Core Security Training
  2. Establish Security Requirements
  3. Create Quality Gates/Bug Bars
  4. Perform Security and Privacy Risk Assessments
  5. Establish Design Requirements
  6. Perform Attack Surface Analysis/Reduction
  7. Use Threat Modelling
  8. Use Approved Tools
  9. Deprecate Unsafe Functions
  10. Perform Static Analysis
  11. Perform Dynamic Analysis
  12. Perform Fuzz Testing
  13. Conduct Attack Surface Review
  14. Create an Incident Response Plan
  15. Conduct Final Security Review
  16. Certify Release and Archive
  17. Execute Incident Response Plan

SDL Practice #2: Establish Security and Privacy Requirements

Defining and integrating security and privacy requirements early makes it easier to identify key milestones and deliverables and minimizes disruptions to plans and schedules.

Security and privacy analysis includes assigning security experts, defining minimum security and privacy criteria for an application, and deploying a security vulnerability/work item tracking system.

When should this practice be implemented?

Traditional Software development: Requirements Phase
Agile development: One Time

    • VIDEOS
      • SDL Process Template
        Watch this short video to learn more about the SDL Process Template. The SDL Process Template is one of many free templates and tools available in the Microsoft SDL Toolset. The SDL Process Template is a downloadable template that leverages the technology of Visual Studio Team System (VSTS) and Team Foundation Server (TFS) to automatically integrate the policy, process and tools associated with the Security Development Lifecycle version into your software development environment.
        Run Time:        7:28
        Uploaded:        12/07/10
      • MSF-Agile+SDL Process Template
        Watch this short video to learn more about the MSF-Agile+SDL Process Template. The MSF-Agile+SDL Template is one of many templates and tools available to help you implement the Microsoft SDL. The MSF-Agile+SDL Process Template is a Team Foundation Server downloadable template that automatically incorporates the policy, process and tools associated with the SDL for Agile development guidance into the familiar Microsoft Solutions Framework (MSF) for Agile software development (MSF-Agile) process template that ships with Visual Studio Team System.
        Run Time:        6:30
        Uploaded:        12/07/10