Security Development Lifecycle
Publications
SDL Implementation and Process Guidance
Simplified Implementation of the Microsoft SDL
The core concepts and activities of the Microsoft SDL recommended for any development organization.
Templates for SDL Practices
A set of templates to get you started with the SDL practices: Defining Security Requirements, Creating a Security Bug Bar, Performing a Security Risk Assessment, Conducting a Basic Threat Model, Managing SDL Exception Requests, Performing a Final Security Review.
SDL Quick Security References (QSRs)
A basic reference series designed to address common vulnerabilities from the perspective of multiple business roles: business decision maker, architect, developer, and tester/QA.
Microsoft SDL Process Guidance Version 5.2
The latest implementation of SDL requirements and recommendations at Microsoft.
Analyst Reports
The emergence of software security standards: ISO/IEC 27034-1:2011 and your organization
A Reavis Consulting Group LLC research report.
BITS Releases Software Assurance Framework
Components overview of a mature, strategic software development program for financial institutions.
State of Application Security: Immature Practices Fuel Inefficiencies, but Positive ROI Is Attainable
A Forrester Consulting Thought Leadership Paper Commissioned by Microsoft.
Security and the Software Development Lifecycle: Secure at the Source
An independent Aberdeen Group research report.
Application Security: 2011 and Beyond
An independent Forrester research report.
Case Studies
The SDL Chronicles
Government of India
Itron, Inc.
MidAmerican Energy
SDL Pro Network Case Studies
iSec Partners - Security Compliance as an Engineering Discipline
Security Innovation - SDL Case Study at Sony Corporation (PDF)
SDL and Compliance
Secure Software Trends in Healthcare
Compliance Benefits of Better Application Security
Aligning Microsoft SDL with PCI DSS/PCI PA-DSS Compliance Activity
Aligning Microsoft SDL with the HIPAA Security Rule
The National and Economic Benefits of Security Development Processes
BITS Software Assurance Framework for Financial Services
SDL White Papers
Mitigating Software Vulnerabilities - How exploit mitigation technologies can help prevent attacks caused by software vulnerabilities
The SDL Progress Report
Essential Software Security Training for the Microsoft SDL
SDL and HIPAA – Aligning Microsoft SDL Security Practices with the HIPAA Security Rule
SDL and PCI DSS/PA-DSS – Aligning the Microsoft SDL with PCI DSS/PCI PA-DSS Compliance Activity
The Microsoft SDL: Return on Investment
Security Considerations for Client and Cloud Applications
Security Best Practices for Developing Windows Azure Applications
Microsoft Silverlight 1.0: An SDL Implementation Story
How the SDL Helped Improve the Security of the 2007 Microsoft Office System
Internet Explorer 8 and the Security Development Lifecycle
Applying the Security Development Lifecycle at Windows Live
Preventing Security Development Errors: Lessons Learned at Windows Live by Using ASP.NET MVC
SDL Articles from the MSDN Magazine
A Look Inside the Security Development Lifecycle at Microsoft, Nov. 2005
Uncover Security Design Flaws Using the STRIDE Approach, Nov. 2006
Lessons Learned from Five Years of Building More Secure Software, Nov. 2007
Protecting Your Code with Visual C++ Defenses, Mar. 2008
Penetration Testing, May 2008
Reinvigorate Your Threat Modeling Process, Jul. 2008
SDL Embraces Web, Sep. 2008
Agile SDL: Streamline Security Practices for Agile Development, Nov. 2008
Threat Models Improve Your Security Process, Nov. 2008
Security Quiz: Test Your Security IQ, Nov. 2008
Getting Started with the SDL Threat Modeling Tool, Jan. 2009
A Conversation About Threat Modeling, May 2009
Cryptographic Agility, Aug. 2009
XML Denial of Service Attacks and Defenses, Nov. 2009
Security Compliance as an Engineering Discipline, Feb. 2010
Add a Security Bug Bar to Microsoft Team Foundation Server 2010, Mar. 2010
Regular Expression Denial of Service Attacks and Defenses, May 2010
View State Security, Jul. 2010
The MSF-Agile+SDL Process Template for TFS 2010, Sep. 2010
Web Application Configuration Security Revisited, Nov. 2010
MSDN Library
Microsoft SDL Process Guidance
SDL Banned Function Calls
Securing Applications with the .NET Framework
SDL Webcasts
Ajax Applications: A Blueprint for Disaster, Mar. 2009
Detecting and Mitigating Security Issues Using the Code Analysis Tool .NET (Level 200), Feb. 2010
Agile Security – Develop Code Rapidly and Securely with SDL-Agile (Level 200), Mar. 2010
Security Best Practices for Design and Deployment on Windows Azure (Level 200), Apr. 2010
Using the Attack Surface Analyzer (Level 200), Apr. 2011
State of Application Security: Key Findings (Level 100), May 2011
Security Enhancements in Visual Studio 2012 RC (Level 300), June 2012
SDL Pro Network Webcasts
Beyond Security – File Fuzzing for Fun and Profit (Level 300), Jun. 2010
Cigital – Lessons from Implementing the Security Development Lifecycle (Level 200), Mar. 2010
Consult2Comply – Regulatory and Standards Management in Compliance Mapper (Level 200), Mar. 2010
iSec Partners – Harmonizing Security Compliance and the SDL (Level 100), Mar. 2010
Security Innovation – Fending Off Attacks by Reducing an Application's Attack Surface (Level 300), Jan. 2011
Security Compass – Threat Model Express (Level 200), Mar. 2011
Aspect Security – You Can't Hack Yourself Secure, Apr. 2012
Security Compass – SDL and Mobile Security, May 2012
Books
Michael Howard and Steve Lipner, The Security Development Lifecycle, Microsoft Press, Redmond, Washington, 2006
Michael Howard and Steve Lipner, Writing Secure Code, Second Edition, Microsoft Press, Redmond, Washington, 2003
SDL Articles: A series of seven articles about the Security Development Lifecycle at Microsoft
Article #1: Investigating the Security Development Lifecycle at Microsoft (PDF)
Article #2: Security Education at Microsoft (PDF)
Article #3: The Microsoft Security Org Chart (PDF)
Article #4: Threat Modeling at Microsoft (PDF)
Article #5: Microsoft's Security Toolbox (PDF)
Article #6: Microsoft's Security Response (PDF)
Article #7: Evolution of the Microsoft Security Development Lifecycle (PDF)