Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs: the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL, from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.
Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

Includes a CD featuring:

- A six-part security class video conducted by the authors and other Microsoft security experts
- Sample SDL documents and fuzz testing tool

PLUS: Get book updates on the Web.
For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.
- ISBN10 0735622140
- ISBN13 9780735622142
- Publish Date 25 January 2006
- Publish Status Out of Print
- Out of Print 20 May 2014
- Publish Country US
- Imprint Microsoft Press, U.S.
- Pages 352
- Language English