• Title The Security Development Lifecycle: A Process for Developing Demonstrably More Secure Software
• Author(s) Michael Howard, Steve Lipner
• Publisher: Microsoft Press; 1 edition (June 28, 2006)
• Paperback 352 Pages
• eBook PDF (348 pages, 20.52 MB)
• Language: English
• ISBN-10: 0735622140
• ISBN-13: 978-0735622142
• Share This:  

Book Description

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:

• Use a streamlined risk-analysis process to find security design issues before code is committed
• Apply secure-coding best practices and a proven testing process
• Conduct a final security review before a product ships
• Arm customers with prescriptive guidance to configure and deploy your product more securely
• Establish a plan to respond to new security vulnerabilities
• Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

• Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques.
• Steve Lipner, CISSP, is the senior director of Security Engineering Strategy for Microsoft. He is responsible for defining and updating the Security Development Lifecycle and has pioneered numerous security techniques.

• Amazon

• Computer and Information Security
• Software Engineering Principles and Practices
• Miscellaneous and Uncategorized Books

• The Security Development Lifecycle: A Process for Developing Demonstrably More Secure Software

• Open Source Security Tools: A Practical Guide to Security Applications
• Web Application Security Guide (Jan Schejbal)
• Intrusion Detection Systems with Snort, Apache, MySQL, PHP, ACID