The Security Development Lifecycle

Larger Cover

By Michael Howard, Steve Lipner

Publisher: Microsoft Press

Released: May 2006

Pages: 352

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:

Use a streamlined risk-analysis process to find security design issues before code is committed
Apply secure-coding best practices and a proven testing process
Conduct a final security review before a product ships
Arm customers with prescriptive guidance to configure and deploy your product more securely
Establish a plan to respond to new security vulnerabilities
Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

Includes a CD featuring:

A six-part security class video conducted by the authors and other Microsoft security experts
Sample SDL documents and fuzz testing tool

PLUS—Get book updates on the Web.

A Note Regarding the CD or DVD

The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to booktech@oreilly.com.

The Need for the SDL
1. Chapter 1 Enough Is Enough: The Threats Have Changed
  1. Worlds of Security and Privacy Collide
  2. Another Factor That Influences Security: Reliability
  3. It’s Really About Quality
  4. Why Major Software Vendors Should Create More Secure Software
  5. Why In-House Software Developers Should Create More Secure Software
  6. Why Small Software Developers Should Create More Secure Software
  7. Summary
  8. References
2. Chapter 2 Current Software Development Methods Fail to Produce Secure Software
  1. "Given enough eyeballs, all bugs are shallow"
  2. Proprietary Software Development Methods
  3. Agile Development Methods
  4. Common Criteria
  5. Summary
  6. References
3. Chapter 3 A Short History of the SDL at Microsoft
  1. First Steps
  2. New Threats, New Responses
  3. Windows 2000 and the Secure Windows Initiative
  4. Seeking Scalability: Through Windows XP
  5. Security Pushes and Final Security Reviews
  6. Formalizing the Security Development Lifecycle
  7. A Continuing Challenge
  8. References
4. Chapter 4 SDL for Management
  1. Commitment for Success
  2. Managing the SDL
  3. Summary
  4. References
The Security Development Lifecycle Process
1. Chapter 5 Stage 0: Education and Awareness
  1. A Short History of Security Education at Microsoft
  2. Ongoing Education
  3. Types of Training Delivery
  4. Exercises and Labs
  5. Tracking Attendance and Compliance
  6. Measuring Knowledge
  7. Implementing Your Own In-House Training
  8. Key Success Factors and Metrics
  9. Summary
  10. References
2. Chapter 6 Stage 1: Project Inception
  1. Determine Whether the Application Is Covered by SDL
  2. Assign the Security Advisor
  3. Build the Security Leadership Team
  4. Make Sure the Bug-Tracking Process Includes Security and Privacy Bug Fields
  5. Determine the "Bug Bar"
  6. Summary
  7. References
3. Chapter 7 Stage 2: Define and Follow Design Best Practices
  1. Common Secure-Design Principles
  2. Attack Surface Analysis and Attack Surface Reduction
  3. Summary
  4. References
4. Chapter 8 Stage 3: Product Risk Assessment
  1. Security Risk Assessment
  2. Privacy Impact Rating
  3. Pulling It All Together
  4. Summary
  5. References
5. Chapter 9 Stage 4: Risk Analysis
  1. Threat-Modeling Artifacts
  2. What to Model
  3. Building the Threat Model
  4. The Threat-Modeling Process
  5. Using a Threat Model to Aid Code Review
  6. Using a Threat Model to Aid Testing
  7. Key Success Factors and Metrics
  8. Summary
  9. References
6. Chapter 10 Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
  1. Why Documentation and Tools?
  2. Creating Prescriptive Security Best Practice Documentation
  3. Creating Tools
  4. Summary
  5. References
7. Chapter 11 Stage 6: Secure Coding Policies
  1. Use the Latest Compiler and Supporting Tool Versions
  2. Use Defenses Added by the Compiler
  3. Use Source-Code Analysis Tools
  4. Do Not Use Banned Functions
  5. Reduce Potentially Exploitable Coding Constructs or Designs
  6. Use a Secure Coding Checklist
  7. Summary
  8. References
8. Chapter 12 Stage 7: Secure Testing Policies
  1. Fuzz Testing
  2. Penetration Testing
  3. Run-Time Verification
  4. Reviewing and Updating Threat Models if Needed
  5. Reevaluating the Attack Surface of the Software
  6. Summary
  7. References
9. Chapter 13 Stage 8: The Security Push
  1. Preparing for the Security Push
  2. Training
  3. Code Reviews
  4. Threat Model Updates
  5. Security Testing
  6. Attack-Surface Scrub
  7. Documentation Scrub
  8. Are We Done Yet?
  9. Summary
  10. References
10. Chapter 14 Stage 9: The Final Security Review
  1. Product Team Coordination
  2. Threat Models Review
  3. Unfixed Security Bugs Review
  4. Tools-Use Validation
  5. After the Final Security Review Is Completed
  6. Summary
11. Chapter 15 Stage 10: Security Response Planning
  1. Why Prepare to Respond?
  2. Preparing to Respond
  3. Security Response and the Development Team
  4. Summary
  5. References
12. Chapter 16 Stage 11: Product Release
  1. References
13. Chapter 17 Stage 12: Security Response Execution
  1. Following Your Plan
  2. Making It Up as You Go
  3. Knowing What to Skip
  4. Summary
  5. References
SDL Reference Material
1. Chapter 18 Integrating SDL with Agile Methods
  1. Using SDL Practices with Agile Methods
  2. Augmenting Agile Methods with SDL Practices
  3. Summary
  4. References
2. Chapter 19 SDL Banned Function Calls
  1. The Banned APIs
  2. Why the "n" Functions Are Banned
  3. Important Caveat
  4. Choosing StrSafe vs. Safe CRT
  5. Using StrSafe
  6. Using Safe CRT
  7. Other Replacements
  8. Tools Support
  9. ROI and Cost Impact
  10. Metrics and Goals
  11. References
3. Chapter 20 SDL Minimum Cryptographic Standards
  1. High-Level Cryptographic Requirements
  2. Cryptographic Algorithm Usage
  3. Data Storage and Random Number Generation
  4. References
4. Chapter 21 SDL-Required Tools and Compiler Options
  1. Required Tools
  2. References
5. Chapter 22 Threat Tree Patterns
  1. Spoofing an External Entity or a Process
  2. Tampering with a Process
  3. Tampering with a Data Flow
  4. Tampering with a Data Store
  5. Repudiation
  6. Information Disclosure of a Process
  7. Information Disclosure of a Data Flow
  8. Information Disclosure of a Data Store
  9. Denial of Service Against a Process
  10. Denial of Service Against a Data Flow
  11. Denial of Service Against a Data Store
  12. Elevation of Privilege
  13. References

Appendix Appendix

Title:

The Security Development Lifecycle

By:

Michael Howard, Steve Lipner

Publisher:

Microsoft Press

Formats:

Print
Ebook
Safari Books Online

Print:

May 2006

Ebook:

November 2009

Pages:

352

Print ISBN:

978-0-7356-2214-2

| ISBN 10:

0-7356-2214-0

Ebook ISBN:

978-0-7356-9071-4

| ISBN 10:

0-7356-9071-5

Description

Table of Contents

Product Details

About the Author

Recommended for You

The Need for the SDL

Chapter 1 Enough Is Enough: The Threats Have Changed

Chapter 2 Current Software Development Methods Fail to Produce Secure Software

Chapter 3 A Short History of the SDL at Microsoft

Chapter 4 SDL for Management

The Security Development Lifecycle Process

Chapter 5 Stage 0: Education and Awareness

Chapter 6 Stage 1: Project Inception

Chapter 7 Stage 2: Define and Follow Design Best Practices

Chapter 8 Stage 3: Product Risk Assessment

Chapter 9 Stage 4: Risk Analysis

Chapter 10 Stage 5: Creating Security Documents, Tools, and Best Practices for Customers

Chapter 11 Stage 6: Secure Coding Policies

Chapter 12 Stage 7: Secure Testing Policies

Chapter 13 Stage 8: The Security Push

Chapter 14 Stage 9: The Final Security Review

Chapter 15 Stage 10: Security Response Planning

Chapter 16 Stage 11: Product Release

Chapter 17 Stage 12: Security Response Execution

SDL Reference Material

Chapter 18 Integrating SDL with Agile Methods

Chapter 19 SDL Banned Function Calls

Chapter 20 SDL Minimum Cryptographic Standards

Chapter 21 SDL-Required Tools and Compiler Options

Chapter 22 Threat Tree Patterns

Appendix Appendix

About O'Reilly

Community

More O'Reilly Sites

Partner Sites

Shop O'Reilly