FreeComputerBooks.com
Links to Free Computer, Mathematics, Technical Books all over the World
- Title: The Security Development Lifecycle: A Process for Developing Demonstrably More Secure Software
- Author(s): Michael Howard, Steve Lipner
- Publisher: Microsoft Press; 1 edition (June 28, 2006)
- Paperback: 352 Pages
- eBook: PDF (348 pages, 20.52 MB)
- Language: English
- ISBN-10: 0735622140
- ISBN-13: 978-0735622142
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.
Discover how to:
- Use a streamlined risk-analysis process to find security design issues before code is committed
- Apply secure-coding best practices and a proven testing process
- Conduct a final security review before a product ships
- Arm customers with prescriptive guidance to configure and deploy your product more securely
- Establish a plan to respond to new security vulnerabilities
- Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum
- Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques.
- Steve Lipner, CISSP, is the senior director of Security Engineering Strategy for Microsoft. He is responsible for defining and updating the Security Development Lifecycle and has pioneered numerous security techniques.
- Computer, Networks, and Information Security
- Software Engineering Principles and Practices
- Miscellaneous and Uncategorized Books
- The Security Development Lifecycle: A Process for Developing Demonstrably More Secure Software
- The Mirror Site (1) - PDF
- The Mirror Site (2) - PDF
- Security of Ubiquitous Computing Systems (Gildas Avoine, et al)
  This book aims to improve and adapt existing cryptanalysis methodologies and tools to the ubiquitous computing framework along four axes: cryptographic models, cryptanalysis of building blocks, security engineering, and security assessment.
- Security Concepts (Subspacefield)
  This is a book about computer, network, technical, physical, information and cryptographic security, illustrated with interesting and entertaining examples. It is not intended to be an introductory text, although a beginner could gain something from it.
- Rational Cybersecurity for Business (Daniel Blum)
  This open access book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience.
- Security Engineering: Building Dependable Distributed Systems
  It makes clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice, and offers many thoughts on how information can be made more secure through both technologies and strategies.
- Web Application Security: Exploitation and Countermeasures
  This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply. It introduces three pillars of web application security: recon, offense, and defense.
- Demystifying Internet of Things Security (Sunil Cheruvu, et al)
  This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. It provides clarity to industry professionals and provides an overview of different security solutions.