|
|
|||
|
||||
OverviewYour customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs-the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL-from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization. Discover how to: Use a streamlined risk-analysis process to find security design issues before code is committed Apply secure-coding best practices and a proven testing process Conduct a final security review before a product ships Arm customers with prescriptive guidance to configure and deploy your product more securely Establish a plan to respond to new security vulnerabilities Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum Includes a CD featuring: A six-part security class video conducted by the authors and other Microsoft security experts Sample SDL documents and fuzz testing tool PLUS-Get book updates on the Web. For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook. Full Product DetailsAuthor: Ben Howard , Steve LipnerPublisher: Microsoft Press,U.S. Imprint: Microsoft Press,U.S. Dimensions: Width: 18.70cm , Height: 2.70cm , Length: 22.90cm Weight: 0.703kg ISBN: 9780735622142ISBN 10: 0735622140 Pages: 352 Publication Date: 31 May 2006 Audience: General/trade , General Format: Mixed media product Publisher's Status: Out of Print Availability: Awaiting stock Table of ContentsPart 1: The Need for the SDL Enough is Enough: The Threats Have Changed Current Software Development Methods Fail to Produce Secure Software A Short History of the SDL at Microsoft SDL for Management Part 2: The Security Development Lifecycle Process Stage 0: Education and Awareness Stage 1: Project Inception Stage 2: Define and Follow Design Best Practices Stage 3: Product Risk Assessment Stage 4: Risk Analysis Stage 5: Creating Security Documents, Tools, and Best Practices for Customers Stage 6: Secure Coding Policies Stage 7: Secure Testing Policies Stage 8: The Security Push Stage 9: The Final Security Review Stage 10: The Security Response Planning Stage 11: Product Release Stage 12: Security Response Execution Part 3: SDL Reference Material Integrating SDL with Agile Methods SDL Banned Function Calls SDL Minimum Cryptographic Standards SDL-Required Tools and Compiler options Threat Tree PatternsReviewsAuthor InformationSteve Lipner, CISSP, is the senior director of Security Engineering Strategy for Microsoft. He is responsible for defining and updating the Security Development Lifecycle and has pioneered numerous security techniques. Steve has over 35 years' experience as a researcher, development manager, and general manager in IT security. Tab Content 6Author Website:Countries AvailableAll regions |