• Consulting Services for the Security Development Lifecycle

  • Microsoft Services and the SDL Pro Network offer training, consulting, and tools services designed to help you adopt the SDL process and make security and privacy an integral part of your software development.
  • Specific offerings fall into the following areas:
    • Training, policy and organizational capabilities, including security and privacy training and advice on how to implement the practices and tools recommended by the SDL
    • Requirements and design, including risk analysis, functional requirements, and threat modeling
    • Implementation, including use of banned APIs, static code analysis, and code review
    • Verification, including dynamic security testing and web application review
    • Release and response, including attack surface and threat model reviews, final security review, and response planning and execution
    • Security tools, such as static analysis tools for the Implementation Phase and dynamic and binary analysis tools for the Verification Phase
  • Microsoft Services and the SDL Pro Network can help you identify and prioritize the appropriate SDL practices and tools to use during your organization's software development process. They work together to help customers realize the full value of Microsoft technologies.