Microsoft Press, 2006. — 348 p. — ISBN: 978-07356-2214-2
In The Security Development Lifecycle (SDL), security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.
Topics included:
Enough Is Enough: The Threats Have Changed
Current Software Development Methods Fail to Produce Secure Software
A Short History of the SDL at Microsoft
SDL for Management
Education and Awareness
Project Inception
Define and Follow Design Best Practices
Product Risk Assessment
Risk Analysis
Creating Security Documents, Tools, and Best Practices for Customers
Secure Coding Policies
Secure Testing Policies
The Security Push
The Final Security Review
Security Response Planning
Product Release
Security Response Execution
Integrating SDL with Agile Methods
SDL Banned Function Calls
SDL Minimum Cryptographic Standards
SDL-Required Tools and Compiler Options
Threat Tree Patterns.