The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software (Paperback)

Michael Howard, Steve Lipner

  • Publisher: Microsoft
  • Publication date: 2006-06-28
  • List price: $1,280
  • VIP price: 9.5 $1,216
  • Language: English
  • Pages: 352
  • Binding: Paperback
  • ISBN: 0735622140
  • ISBN-13: 9780735622142
  • Related categories: Information Security

Your in-depth, expert guide to the proven process that helps reduce security bugs.

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:
• Use a streamlined risk-analysis process to find security design issues before code is committed
• Apply secure-coding best practices and a proven testing process
• Conduct a final security review before a product ships
• Arm customers with prescriptive guidance to configure and deploy your product more securely
• Establish a plan to respond to new security vulnerabilities
• Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

Includes a CD featuring:
• A six-part security class video conducted by the authors and other Microsoft security experts
• Sample SDL documents and fuzz testing tool