The Security Development Lifecycle (SDL)

SDL: A Process for Developing Demonstrably More Secure Software



Book Details

Authors: Michael Howard, Steve Lipner
Publisher: Microsoft Press
Published: 2006
Edition: 1
Paperback: 348 pages
Language: English
ISBN-13: 9780735622142
ISBN-10: 0735622140
License: Open Access

Book Description

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs - the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL - from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum.


This book is published as open-access, which means it is freely available to read, download, and share without restrictions.

If you enjoyed the book and would like to support the author, you can purchase a printed copy (hardcover or paperback) from official retailers.


[localhost]# find . -name "*Similar_Books*"


Asterisk: The Future of Telephony, 2nd Edition

Asterisk

This bestselling book is now the standard guide to building phone systems with Asterisk, the open source IP PBX that has traditional telephony providers running scared! Revised for the 1.4 release of the software, the new edition of Asterisk: The Future of Telephony reveals how you can save money on equipment and support, and finally be in control

Web Application Security

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply. Andrew Hoffman, a senior security engineer at Salesforce, introduc

Platform Embedded Security Technology Revealed

Security

Platform Embedded Security Technology Revealed is an in-depth introduction to Intel's platform embedded solution: the security and management engine. The engine is shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones. The engine realizes advanced security and management functionalities and protects applicati

DevOps for Digital Leaders

Software

Learn to design, implement, measure, and improve DevOps programs that are tailored to your organization. This concise guide assists leaders who are accountable for the rapid development of high-quality software applications. In DevOps for Digital Leaders, deep collective experience on both sides of the dev - ops divide informs the global thought le

The Computers That Made Britain

The home computer boom of the 1980s brought with it now iconic machines such as the ZX Spectrum, BBC Micro, and Commodore 64. Those machines would inspire a generation. Written by Tim Danton. The Computers That Made Britain (300 pages, hardback) tells the story of 19 of those computers - and what happened behind the scenes. With dozens of new inter

Building Secure and Reliable Systems

Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to h