The Security Development Lifecycle

The Security Development Lifecycle
Published:May 31, 2006Accompanying Media:1 Companion CD(s)
Author:Michael Howard and Steve LipnerLanguage:English
Length:352 PagesLevel:Intermediate, Advanced
ISBN 13:

9780735622142Technology:

Security
ISBN 10:0-7356-2214-0Format:Paperback
List Price:$ 34.99
Show all itemsHide all items
About The BookYour in-depth, expert guide to the proven process that helps reduce security bugs.

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:
  • Use a streamlined risk-analysis process to find security design issues before code is committed

  • Apply secure-coding best practices and a proven testing process

  • Conduct a final security review before a product ships

  • Arm customers with prescriptive guidance to configure and deploy your product more securely

  • Establish a plan to respond to new security vulnerabilities

  • Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum



    • Includes a CD featuring:
  • A six-part security class video conducted by the authors and other Microsoft security experts

  • Sample SDL documents and fuzz testing tool


    • PLUS—Get book updates on the Web.
    About Michael Howard and Steve LipnerMichael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft and the coauthor of 19 Deadly Sins of Software Security and the award-winning Writing Secure Code. Michael has worked on Microsoft Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press.

    Steve Lipner, CISSP, is the senior director of Security Engineering Strategy for Microsoft. He is responsible for defining and updating the Security Development Lifecycle and has pioneered numerous security techniques. Steve has over 35 years’ experience as a researcher, development manager, and general manager in IT security.
    Other Books By Michael Howard
    Have Questions? For advice about training and certification, connect with peers: For questions about a specific certification, chat with a Microsoft Certified Professional (MCP): To find out about recommended blogs, Web sites, and upcoming Live Meetings on popular topics, visit our community site:
    What do you think of this book?Your feedback is important in helping us create books that serve your needs and meet your expectations. Please take our survey at www.microsoft.com/learning/booksurvey

    Note: You will need this book's 13-digit International Standard Book Number (ISBN) to take the survey. The ISBN 13 can be found above.
    To report or search for corrections in this book or companion content,
    please go to www.microsoft.com/learning/support/books/
    Book index

    Buy This Book

    Amazon