Publications and Other Resources
SDL Implementation and Process Guidance
- Simplified Implementation of the Microsoft SDL
  The core concepts and activities of the Microsoft SDL recommended for any development organization.
- Templates for SDL Practices
  A set of templates to get you started with the SDL practices: Defining Security Requirements, Creating a Security Bug Bar, Performing a Security Risk Assessment, Conducting a Basic Threat Model, Managing SDL Exception Requests, Performing a Final Security Review.
- SDL Quick Security References (QSRs)
  A basic reference series designed to address common vulnerabilities from the perspective of multiple business roles: business decision maker, architect, developer, and tester/QA.
- Microsoft SDL Process Guidance Version 5.1
  The latest implementation of SDL requirements and recommendations at Microsoft.
Analyst Reports
Case Studies
SDL Pro Network Case Studies
SDL White Papers
SDL Articles from the MSDN Magazine
- A Look Inside the Security Development Lifecycle at Microsoft, Nov. 2005
- Uncover Security Design Flaws Using the STRIDE Approach, Nov. 2006
- Lessons Learned from Five Years of Building More Secure Software, Nov. 2007
- Protecting Your Code with Visual C++ Defenses, Mar. 2008
- Penetration Testing, May 2008
- Reinvigorate Your Threat Modeling Process, Jul. 2008
- SDL Embraces Web, Sep. 2008
- Agile SDL: Streamline Security Practices for Agile Development, Nov. 2008
- Threat Models Improve Your Security Process, Nov. 2008
- Security Quiz: Test Your Security IQ, Nov. 2008
- Getting Started with the SDL Threat Modeling Tool, Jan. 2009
- A Conversation About Threat Modeling, May 2009
- Cryptographic Agility, Aug. 2009
- XML Denial of Service Attacks and Defenses, Nov. 2009
- Security Compliance as an Engineering Discipline, Feb. 2010
- Add a Security Bug Bar to Microsoft Team Foundation Server 2010, Mar. 2010
- Regular Expression Denial of Service Attacks and Defenses, May 2010
- View State Security, Jul. 2010
- The MSF-Agile+SDL Process Template for TFS 2010, Sep. 2010
- Web Application Configuration Security Revisited, Nov. 2010
MSDN Library
SDL Webcasts
SDL Pro Network Webcasts
Books
- Michael Howard and Steve Lipner, The Security Development Lifecycle, Microsoft Press, Redmond, Washington, 2006
- Michael Howard and Steve Lipner, Writing Secure Code, Second Edition, Microsoft Press, Redmond, Washington, 2003
SDL Articles: A series of seven articles about the Security Development Lifecycle at Microsoft