Table of Contents for
The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
by Steve Lipner, Michael Howard
Foreword
Introduction
Why Should You Read This Book?
Organization of This Book
Part I, “The Need for the SDL”
Part II, “The Security Development Lifecycle Process”
Part III, “SDL Reference Material”
The Future Evolution of the SDL
What’s on the Companion Disc?
System Requirements
Acknowledgments
References
Bibliography
I. The Need for the SDL
Bibliography
2. Current Software Development Methods Fail to Produce Secure Software
“Given enough eyeballs, all bugs are shallow”
Incentive to Review Code
Understanding Security Bugs
Critical Mass
“Many Eyeballs” Misses the Point Altogether
Proprietary Software Development Methods
CMMI, TSP, and PSP
Agile Development Methods
Common Criteria
Summary
References
Bibliography
Bibliography
4. SDL for Management
Commitment for Success
Commitment at Microsoft
Is the SDL Necessary for You?
Effective Commitment
Make a Statement
Be Visible
Provide Resources
Stop Products
Managing the SDL
Resources
Factors That Affect the Cost of SDL
Rules of Thumb
Is the Project on Track?
Summary
References
Bibliography
II. The Security Development Lifecycle Process
5. Stage 0: Education and Awareness
A Short History of Security Education at Microsoft
Ongoing Education
Types of Training Delivery
Exercises and Labs
Tracking Attendance and Compliance
Other Compliance Ideas
Measuring Knowledge
Implementing Your Own In-House Training
Creating Education Materials “On a Budget”
Key Success Factors and Metrics
Summary
References
Bibliography
6. Stage 1: Project Inception
Determine Whether the Application Is Covered by SDL
Assign the Security Advisor
Act as a Point of Contact Between the Development Team and the Security Team
Holding an SDL Kick-Off Meeting for the Development Team
Holding Design and Threat Model Reviews with the Development Team
Analyzing and Triaging Security-Related and Privacy-Related Bugs
Acting as a Security Sounding Board for the Development Team
Preparing the Development Team for the Final Security Review
Working with the Reactive Security Team
Build the Security Leadership Team
Make Sure the Bug-Tracking Process Includes Security and Privacy Bug Fields
Determine the “Bug Bar”
Summary
References
Bibliography
7. Stage 2: Define and Follow Design Best Practices
Common Secure-Design Principles
Attack Surface Analysis and Attack Surface Reduction
Step 1: Is This Feature Really That Important?
Step 2: Who Needs Access to the Functionality and from Where?
Step 3: Reduce Privilege
Services and Low Privilege
More Attack Surface Elements
UDP vs. TCP
Weak Permissions vs. Strong Permissions
.NET Code vs. ActiveX Code
ActiveX “Safe for Scripting”
ActiveX SiteLocked Controls
Managed Code AllowPartiallyTrustedCallers Attribute
Summary
References
Bibliography
Bibliography
Bibliography
10. Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
Why Documentation and Tools?
Creating Prescriptive Security Best Practice Documentation
Setup Documentation
Mainline Product Use Documentation
Help Documentation
Developer Documentation
Creating Tools
Summary
References
Bibliography
Bibliography
12. Stage 7: Secure Testing Policies
Fuzz Testing
Fuzzing File Formats
A generic file-fuzzing process
Identify all valid file formats
Collect a library of valid files
Malform a file
Consume the file and observe the application
Fuzzing Network Protocols
Create bogus packets
Record-fuzz-replay packets
Malforming packets on the fly
Miscellaneous Fuzzing
Fixing Bugs Found Through Fuzz Testing
Penetration Testing
Run-Time Verification
Reviewing and Updating Threat Models if Needed
Reevaluating the Attack Surface of the Software
Summary
References
Bibliography
13. Stage 8: The Security Push
Preparing for the Security Push
Push Duration
Training
Code Reviews
Executable-File Owners
Threat Model Updates
Security Testing
Attack-Surface Scrub
Documentation Scrub
Are We Done Yet?
Summary
References
Bibliography
14. Stage 9: The Final Security Review
Product Team Coordination
Threat Models Review
Unfixed Security Bugs Review
Tools-Use Validation
After the Final Security Review Is Completed
Handling Exceptions
Summary
15. Stage 10: Security Response Planning
Why Prepare to Respond?
Your Development Team Will Make Mistakes
New Kinds of Vulnerabilities Will Appear
Rules Will Change
Preparing to Respond
Building a Security Response Center
Which Vulnerabilities Will You Respond To?
Where Do Vulnerability Reports Come From?
Security Response Process
Vulnerability reporting
Triaging
Creating the fix
Security fixes and regressions
Security fixes for multiple product versions and locales
Managing the security researcher relationship
Testing
Content creation
Security advisories
Press outreach
Update release
Lessons learned
Emergency Response Process
Watch phase
Alert and Mobilize phase
Assess and Stabilize phase
Resolve phase
Security Response and the Development Team
Create Your Response Team
Support Your Entire Product
Support All Your Customers
Make Your Product Updatable
Find the Vulnerabilities Before the Researchers Do
Summary
References
Bibliography
16. Stage 11: Product Release
References
Bibliography
17. Stage 12: Security Response Execution
Following Your Plan
Stay Cool
Take Your Time
Watch for Events That Might Change Your Plans
Follow Your Plan
Making It Up as You Go
Know Who to Call
Be Able to Build an Update
Be Able to Install an Update
Know the Priorities When Inventing Your Process
Knowing What to Skip
Summary
References
Bibliography
III. SDL Reference Material
18. Integrating SDL with Agile Methods
Using SDL Practices with Agile Methods
Security Education
Project Inception
Establishing and Following Design Best Practices
Risk Analysis
Creating Security Documents, Tools, and Best Practices for Customers
Secure Coding and Testing Policies
Security Push
Final Security Review
Product Release
Security Response Execution
Augmenting Agile Methods with SDL Practices
User Stories
Small Releases and Iterations
Moving People Around
Simplicity
Spike Solutions
Refactoring
Constant Customer Availability
Coding to Standards
Coding the Unit Test First
Pair Programming
Integrating Often
Leaving Optimization Until Last
When a Bug Is Found, a Test Is Created
Summary
References
Bibliography
19. SDL Banned Function Calls
The Banned APIs
Banned String Copy Functions and Replacements
Banned String Concatenation Functions and Replacements
Banned sprintf Functions and Replacements
Banned “n” sprintf Functions and Replacements
Banned Variable Argument sprintf Functions and Replacements
Banned Variable Argument “n” sprintf Functions and Replacements
Banned “n” String Copy Functions and Replacements
Banned “n” String Concatenation Functions and Replacements
Banned String Tokenizing Functions and Replacements
Banned Makepath Functions and Replacements
Banned Splitpath Functions and Replacements
Banned scanf Functions and Replacements
Banned “n” scanf Functions and Replacements
Banned Numeric Conversion Functions and Replacements
Banned gets Functions and Replacements
Banned IsBad* Functions and Replacements
Banned OEM Conversion Functions and Replacements
Banned Stack Dynamic Memory Allocation Functions and Replacements
Banned String Length Functions and Replacements
Why the “n” Functions Are Banned
Important Caveat
Choosing StrSafe vs. Safe CRT
Using StrSafe
StrSafe Example
Using Safe CRT
Safe CRT Example
Other Replacements
Tools Support
ROI and Cost Impact
Metrics and Goals
References
Bibliography
20. SDL Minimum Cryptographic Standards
High-Level Cryptographic Requirements
Cryptographic Technologies vs. Low-Level Cryptographic Algorithms
Use Cryptographic Libraries
Cryptographic Agility
Default to Secure Cryptographic Algorithms
Cryptographic Algorithm Usage
Symmetric Block Ciphers and Key Lengths
Symmetric Stream Ciphers and Key Lengths
Symmetric Algorithm Modes
Asymmetric Algorithms and Key Lengths
Hash Functions
Message Authentication Codes
Data Storage and Random Number Generation
Storing Private Keys and Sensitive Data
Generating Random Numbers and Cryptographic Keys
Generating Random Numbers and Cryptographic Keys from Passwords or Other Keys
References
Bibliography
21. SDL-Required Tools and Compiler Options
Required Tools
PREfast
FxCop
Application Verifier
Minimum Compiler and Build Tool Versions
Unmanaged Compiler Flags
References
Bibliography
22. Threat Tree Patterns
Spoofing an External Entity or a Process
Tampering with a Process
Tampering with a Data Flow
Tampering with a Data Store
Repudiation
Information Disclosure of a Process
Information Disclosure of a Data Flow
Information Disclosure of a Data Store
Denial of Service Against a Process
Denial of Service Against a Data Flow
Denial of Service Against a Data Store
Elevation of Privilege
References
Bibliography
Appendix
Index
About the Authors
Foreword
The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
Michael Howard
Steve Lipner
Published by
Microsoft Press