The security development lifecycle : SDL, a process for developing demonstrably more secure software

Michael Howard and Steve Lipner

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization. Discover how to: Use a streamlined risk-analysis process to find security design issues before code is committed Apply secure-coding best practices and a proven testing process Conduct a final security review before a product ships Arm customers with prescriptive guidance to configure and deploy your product more securely Establish a plan to respond to new security vulnerabilities Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum Includes a CD featuring: A six-part security class video conducted by the authors and other Microsoft security experts Sample SDL documents and fuzz testing tool PLUS Get book updates on the Web.

「Nielsen BookData」より

[目次]

  • Part 1: The Need for the SDL Enough is Enough: The Threats Have Changed Current Software Development Methods Fail to Produce Secure Software A Short History of the SDL at Microsoft SDL for Management Part 2: The Security Development Lifecycle Process Stage 0: Education and Awareness Stage 1: Project Inception Stage 2: Define and Follow Design Best Practices Stage 3: Product Risk Assessment Stage 4: Risk Analysis Stage 5: Creating Security Documents, Tools, and Best Practices for Customers Stage 6: Secure Coding Policies Stage 7: Secure Testing Policies Stage 8: The Security Push Stage 9: The Final Security Review Stage 10: The Security Response Planning Stage 11: Product Release Stage 12: Security Response Execution Part 3: SDL Reference Material Integrating SDL with Agile Methods SDL Banned Function Calls SDL Minimum Cryptographic Standards SDL-Required Tools and Compiler options Threat Tree Patterns

「Nielsen BookData」より

この本の情報

書名 The security development lifecycle : SDL, a process for developing demonstrably more secure software
著作者等 Howard, Michael
Howard M.
Lipner Steve
シリーズ名 Secure software development series
出版元 Microsoft Press
刊行年月 c2006
ページ数 xxii, 320 p.
大きさ 23 cm.
付随資料 1 CD-ROM (4 3/4 in.)
ISBN 9780735622142
NCID BB01672195
※クリックでCiNii Booksを表示
言語 英語
出版国 アメリカ合衆国
この本を: 
このエントリーをはてなブックマークに追加

このページを印刷

外部サイトで検索

この本と繋がる本を検索

ウィキペディアから連想