The Security Development Lifecycle

The Security Development Lifecycle

  • Nombre de pages : 330 pages   cd   drapeau anglais
  • Date de parution : 15/06/2006 
  • EAN13 : 9780735622142

Livre papier

  • Prix Eyrolles.com30,79 €
rouge

Indisponible

En magasin

Indisponible

à la librairie Eyrolles, Paris

Venir au magasin

Résumé

Your in-depth, expert guide to the proven process that helps reduce security bugs.

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs-the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL-from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:

  • Use a streamlined risk-analysis process to find security design issues before code is committed
  • Apply secure-coding best practices and a proven testing process
  • Conduct a final security review before a product ships
  • Arm customers with prescriptive guidance to configure and deploy your product more securely
  • Establish a plan to respond to new security vulnerabilities
  • Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

Includes a CD featuring:

  • A six-part security class video conducted by the authors and other Microsoft security experts
  • Sample SDL documents and fuzz testing tool

PLUS-Get book updates on the Web.

Sommaire

  • The Need for the SDL
    • Enough is enough : the threats have changed
    • Current software development methods fail to produce secure software
    • A short history of the SDL at Microsoft
    • SDL for management
  • The Security Development Lifecycle Process
    • Stage 0 : education and awareness
    • Stage 1 : project inception
    • Stage 2 : define and follow design best practices
    • Stage 3 : product risk assessment
    • Stage 4 : risk analysis
    • Stage 5 : creating security documents, tools, and best practices for customers
    • Stage 6 : secure coding policies
    • Stage 7 : secure testing policies
    • Stage 8 : the security push
    • Stage 9 : the final security review
    • Stage 10 : security response planning
    • Stage 11 : product release
    • Stage 12 : security response execution
  • SDL Reference Material
    • Integrating SDL with agile methods
    • SDL banned function calls
    • SDL minimum cryptographic standards
    • SDL-required tools and compiler options
    • Threat tree patterns

Caractéristiques

  • Parution : 15/06/2006
  • Edition : 1ère édition
  •  
  • Nb de pages : 330 pages
  • Format : 19 x 23
  • Couverture : Broché
  • Poids : 740 g
  • Intérieur : Noir et Blanc
  •