• Microsoft Security Development Lifecycle Tools

  • SDL Tools Overview


Training

Requirements

Design

Implementation

Verification

Release

Response

  1. Core Security Training

  1. Establish Security Requirements

  1. Create Quality Gates/Bugs Bars

  1. Perform Security and Privacy Risk Assessments

  1. Establish Design Requirements

  1. Perform Attack Surface Analysis/ Reduction

  1. Use Threat Modelling

  1. Use Approved Tools

  1. Deprecate Unsafe Functions

  1. Perform Static Analysis

  1. Perform Dynamic Analysis

  1. Perform Fuzz Testing

  1. Conduct Attack Surface Review

  1. Create an Incident Response Plan

  1. Conduct Final Security Review

  1. Certify Release and Archieve

  1. Execute Incident Response Plan

Requirements Tools
View descriptions to determine the expertise needed to appropriately use the tools in the Requirements phase. Members of the SDL Pro Network offer security tools and associated services to help you perform SDL security activities.
Microsoft Solutions Framework (MSF) for Capability Maturity Model Integration (CMMI) 2013 plus Security Development Lifecycle (SDL)
The SDL Process Template for Visual Studio 2013 and Visual Studio Team Foundation Server is a downloadable template that automatically integrates the policy, process, and tools associated with the Microsoft SDL Process Guidance version 5.2 directly into your software development environment. It eases adoption of the SDL, enables auditable security requirements and status, and demonstrates security return on investment in a framework that is familiar to developers, testers, and program managers. For more information, click here.

Microsoft Solutions Framework (MSF) for Agile 2013 plus Security Development Lifecycle (SDL)
The MSF-Agile+SDL Process Template is a downloadable template that integrates the policy, process, and tools of the SDL for Agile Development guidance into the familiar Microsoft Solution Framework (MSF) for Agile Software Development (MSF-Agile) Process Template that ships with Visual Studio Team Foundation Server. The MSF-Agile+SDL Process Template is similar to the SDL Process Template, but is more suitable for projects following an Agile development methodology. For more information, click here.