The Security Development Lifecycle
Synopsis
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs: the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL, from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.
Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

Includes a CD featuring:
- A six-part security class video conducted by the authors and other Microsoft security experts
- Sample SDL documents and fuzz testing tool

PLUS: Get book updates on the Web. For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.
Publisher information
- Publisher: Microsoft Press, U.S.
- ISBN: 9780735622142
- Dimensions: 229 x 187 x 27 mm
- Weight: 703g


