Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Security Development Lifecycle Whitepaper Available

from [Michael Howard] Network Security [Permanent Link]
Subject: Security Development Lifecycle Whitepaper Available
Date: Tue, 22 Mar 2005 15:11:51 -0800 
Microsoft has made publicly available our Security Development Lifecycle
(SDL) paper at http://msdn.microsoft.com/security/sdl. 

The SDL is the process that Microsoft has implemented for the
development of software that needs to withstand malicious attack. The
process encompasses the addition of a series of security-focused
activities and deliverables to each of the phases of Microsoft's
software development process. These activities and deliverables include
the development of threat models during software design, the use of
static analysis code-scanning tools during implementation, and the
conduct of code reviews and security testing during a focused "security
push". Before software developed under the SDL can be released, it must
undergo a Final Security Review by a team independent from its
development group. When compared to software that has not been subject
to the SDL, software that has undergone the SDL has experienced a
significantly reduced rate of external discovery of security
vulnerabilities. This paper describes the SDL and discusses experience
with its implementation across Microsoft software.

Cheers, Michael

[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Security Development Lifecycle Whitepaper Available, Michael Howard <=
Previous by Date:  Re: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Eitan Caspi
Next by Date:  Re: [VulnWatch] Details of Sybase ASE bugs withheld, Simple Nomad
Previous by Thread:  [Full-disclosure] root-equivalent groups, psz
Next by Thread:  [SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS Vulnerabilities, chewkeong
Indexes:  [Date] [Thread] [Top] [All Lists]