By Michael Howard, Steve LipnerPublished by Microsoft Press (http://oreilly.com/catalog/9780735622142)Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugsthe Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDLfrom education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization. Discover how to:Use a streamlined risk-analysis process to find security design issues before code is committedApply secure-coding best practices and a proven testing process Conduct a final security review before a product shipsArm customers with prescriptive guidance to configure and deploy your product more securelyEstablish a plan to respond to new security vulnerabilitiesIntegrate security discipline into agile methods and processes, such as Extreme Programming and ScrumIncludes a CD featuring:A six-part security class video conducted by the authors and other Microsoft security expertsSample SDL documents and fuzz testing toolPLUSGet book updates on the Web.All CD, DVD, and other supplemental content related to this app can be accessed for free at: http://examples.oreilly.com/9780735622142/.Superb Reading Features* Full book text search* Several fonts and themes to choose from* Built-in dictionary* The ability to add annotations* Landscape view* Extensive cross-referencing and working hyperlinks* Zoom function for images and screenshotsAbout LexcycleLexcycle is the creator of Stanza Bookbinder which was used to create this standalone book application. Stanza Bookbinder is based on the popular iPhone Ebook reading application, Stanza. For more information about Stanza, visit www.lexcycle.com.
