The Security Development Lifecycle

by Michael Howard and Steve Lipner
  • ISBN13: 9780735622142
  • ISBN10: 0735622140
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2006-05-31
  • Publisher: Microsoft Press
  • List Price: $34.99

Summary

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs: the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL, from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:
  • Use a streamlined risk-analysis process to find security design issues before code is committed
  • Apply secure-coding best practices and a proven testing process
  • Conduct a final security review before a product ships
  • Arm customers with prescriptive guidance to configure and deploy your product more securely
  • Establish a plan to respond to new security vulnerabilities
  • Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

Includes a CD featuring:
  • A six-part security class video conducted by the authors and other Microsoft security experts
  • Sample SDL documents and fuzz testing tool

PLUS: Get book updates on the Web.

Author Biography

Steve Lipner, CISSP, is the senior director of Security Engineering Strategy for Microsoft. He is responsible for defining and updating the Security Development Lifecycle and has pioneered numerous security techniques. Steve has over 35 years’ experience as a researcher, development manager, and general manager in IT security.

Table of Contents

Foreword xv
Introduction xvii
Why Should You Read This Book? xviii
Organization of This Book xviii
Part I, ``The Need for the SDL'' xviii
Part II, ``The Security Development Lifecycle Process'' xviii
Part III, ``SDL Reference Material'' xviii
The Future Evolution of the SDL xix
What's on the Companion Disc? xix
System Requirements xx
Acknowledgments xx
References xxi
Part I The Need for the SDL
Enough Is Enough: The Threats Have Changed 3(14)
  Worlds of Security and Privacy Collide 5(3)
  Another Factor That Influences Security: Reliability 8(2)
  It's Really About Quality 10(1)
  Why Major Software Vendors Should Create More Secure Software 11(1)
  A Challenge to Large ISVs 12(1)
  Why In-House Software Developers Should Create More Secure Software 12(1)
  Why Small Software Developers Should Create More Secure Software 12(1)
  Summary 13(1)
  References 13(4)
Current Software Development Methods Fail to Produce Secure Software 17(10)
  ``Given enough eyeballs, all bugs are shallow'' 18(3)
  Incentive to Review Code 18(1)
  Understanding Security Bugs 19(1)
  Critical Mass 19(1)
  ``Many Eyeballs'' Misses the Point Altogether 20(1)
  Proprietary Software Development Methods 21(1)
  CMMI, TSP, and PSP 22(1)
  Agile Development Methods 22(1)
  Common Criteria 22(1)
  Summary 23(1)
  References 24(3)
A Short History of the SDL at Microsoft 27(14)
  First Steps 27(2)
  New Threats, New Responses 29(1)
  Windows 2000 and the Secure Windows Initiative 30(2)
  Seeking Scalability: Through Windows XP 32(1)
  Security Pushes and Final Security Reviews 33(3)
  Formalizing the Security Development Lifecycle 36(1)
  A Continuing Challenge 37(1)
  References 38(3)
SDL for Management 41(14)
  Commitment for Success 41(7)
  Commitment at Microsoft 41(2)
  Is the SDL Necessary for You? 43(2)
  Effective Commitment 45(3)
  Managing the SDL 48(3)
  Resources 48(2)
  Is the Project on Track? 50(1)
  Summary 51(1)
  References 51(4)
Part II The Security Development Lifecycle Process
Stage 0: Education and Awareness 55(12)
  A Short History of Security Education at Microsoft 56(2)
  Ongoing Education 58(2)
  Types of Training Delivery 60(1)
  Exercises and Labs 61(1)
  Tracking Attendance and Compliance 62(1)
  Other Compliance Ideas 62(1)
  Measuring Knowledge 63(1)
  Implementing Your Own In-House Training 63(1)
  Creating Education Materials ``On a Budget'' 64(1)
  Key Success Factors and Metrics 64(1)
  Summary 65(1)
  References 65(2)
Stage 1: Project Inception 67(8)
  Determine Whether the Application Is Covered by SDL 67(1)
  Assign the Security Advisor 68(3)
  Act as a Point of Contact Between the Development Team and the Security Team 69(1)
  Holding an SDL Kick-Off Meeting for the Development Team 70(1)
  Holding Design and Threat Model Reviews with the Development Team 70(1)
  Analyzing and Triaging Security-Related and Privacy-Related Bugs 70(1)
  Acting as a Security Sounding Board for the Development Team 71(1)
  Preparing the Development Team for the Final Security Review 71(1)
  Working with the Reactive Security Team 71(1)
  Build the Security Leadership Team 71(1)
  Make Sure the Bug-Tracking Process Includes Security and Privacy Bug Fields 72(2)
  Determine the ``Bug Bar'' 74(1)
  Summary 74(1)
  References 74(1)
Stage 2: Define and Follow Design Best Practices 75(18)
  Common Secure-Design Principles 76(2)
  Attack Surface Analysis and Attack Surface Reduction 78(11)
  Step 1: Is This Feature Really That Important? 81(1)
  Step 2: Who Needs Access to the Functionality and from Where? 82(1)
  Step 3: Reduce Privilege 83(2)
  More Attack Surface Elements 85(4)
  Summary 89(1)
  References 90(3)
Stage 3: Product Risk Assessment 93(8)
  Security Risk Assessment 94(2)
  Setup Questions 94(1)
  Attack Surface Questions 94(1)
  Mobile-Code Questions 95(1)
  Security Feature-Related Questions 95(1)
  General Questions 95(1)
  Analyzing the Questionnaire 96(1)
  Privacy Impact Rating 96(2)
  Privacy Ranking 1 98(1)
  Privacy Ranking 2 98(1)
  Privacy Ranking 3 98(1)
  Pulling It All Together 98(1)
  Summary 99(1)
  References 99(2)
Stage 4: Risk Analysis 101(32)
  Threat-Modeling Artifacts 103(1)
  What to Model 104(1)
  Building the Threat Model 104(1)
  The Threat-Modeling Process 105(23)
  Define Use Scenarios 105(1)
  Gather a List of External Dependencies 106(1)
  Define Security Assumptions 106(1)
  Create External Security Notes 107(3)
  Create One or More DFDs of the Application Being Modeled 110(4)
  Determine Threat Types 114(2)
  Identify Threats to the System 116(5)
  Determine Risk 121(3)
  Plan Mitigations 124(4)
  Using a Threat Model to Aid Code Review 128(1)
  Using a Threat Model to Aid Testing 129(1)
  Key Success Factors and Metrics 129(1)
  Summary 130(1)
  References 130(3)
Stage 5: Creating Security Documents, Tools, and Best Practices for Customers 133(10)
  Why Documentation and Tools? 135(1)
  Creating Prescriptive Security Best Practice Documentation 135(4)
  Setup Documentation 136(1)
  Mainline Product Use Documentation 136(2)
  Help Documentation 138(1)
  Developer Documentation 138(1)
  Creating Tools 139(1)
  Summary 140(1)
  References 140(3)
Stage 6: Secure Coding Policies 143(10)
  Use the Latest Compiler and Supporting Tool Versions 143(1)
  Use Defenses Added by the Compiler 144(1)
  Buffer Security Check: /GS 144(1)
  Safe Exception Handling: /SAFESEH 144(1)
  Compatibility with Data Execution Prevention: /NXCOMPAT 145(1)
  Use Source-Code Analysis Tools 145(3)
  Source-Code Analysis Tool Traps 145(1)
  Benefits of Source-Code Analysis Tools 146(2)
  Do Not Use Banned Functions 148(1)
  Reduce Potentially Exploitable Coding Constructs or Designs 149(1)
  Use a Secure Coding Checklist 150(1)
  Summary 150(1)
  References 150(3)
Stage 7: Secure Testing Policies 153(16)
  Fuzz Testing 153(11)
  Penetration Testing 164(1)
  Run-Time Verification 165(1)
  Reviewing and Updating Threat Models If Needed 165(1)
  Reevaluating the Attack Surface of the Software 166(1)
  Summary 166(1)
  References 166(3)
Stage 8: The Security Push 169(12)
  Preparing for the Security Push 170(1)
  Push Duration 171(1)
  Training 171(1)
  Code Reviews 172(2)
  Executable-File Owners 174(1)
  Threat Model Updates 174(1)
  Security Testing 175(1)
  Attack-Surface Scrub 175(1)
  Documentation Scrub 176(1)
  Are We Done Yet? 177(1)
  Summary 178(1)
  References 179(2)
Stage 9: The Final Security Review 181(6)
  Product Team Coordination 182(1)
  Threat Models Review 182(1)
  Unfixed Security Bugs Review 183(1)
  Tools-Use Validation 184(1)
  After the Final Security Review Is Completed 184(1)
  Handling Exceptions 184(1)
  Summary 185(2)
Stage 10: Security Response Planning 187(28)
  Why Prepare to Respond? 187(3)
  Your Development Team Will Make Mistakes 187(1)
  New Kinds of Vulnerabilities Will Appear 188(1)
  Rules Will Change 189(1)
  Preparing to Respond 190(18)
  Building a Security Response Center 191(17)
  Security Response and the Development Team 208(5)
  Create Your Response Team 208(1)
  Support Your Entire Product 209(1)
  Support All Your Customers 210(1)
  Make Your Product Updatable 211(1)
  Find the Vulnerabilities Before the Researchers Do 212(1)
  Summary 213(1)
  References 213(2)
Stage 11: Product Release 215(2)
  References 215(2)
Stage 12: Security Response Execution 217(8)
  Following Your Plan 217(3)
  Stay Cool 217(1)
  Take Your Time 218(1)
  Watch for Events That Might Change Your Plans 219(1)
  Follow Your Plan 220(1)
  Making It Up as You Go 220(1)
  Know Whom to Call 220(1)
  Be Able to Build an Update 220(1)
  Be Able to Install an Update 221(1)
  Know the Priorities When Inventing Your Process 221(1)
  Knowing What to Skip 221(1)
  Summary 222(1)
  References 222(3)
Part III SDL Reference Material
Integrating SDL with Agile Methods 225(16)
  Using SDL Practices with Agile Methods 226(8)
  Security Education 226(1)
  Project Inception 226(1)
  Establishing and Following Design Best Practices 227(1)
  Risk Analysis 227(2)
  Creating Security Documents, Tools, and Best Practices for Customers 229(1)
  Secure Coding and Testing Policies 229(2)
  Security Push 231(1)
  Final Security Review 232(1)
  Product Release 233(1)
  Security Response Execution 233(1)
  Augmenting Agile Methods with SDL Practices 234(5)
  User Stories 235(1)
  Small Releases and Iterations 236(1)
  Moving People Around 236(1)
  Simplicity 236(1)
  Spike Solutions 236(1)
  Refactoring 237(1)
  Constant Customer Availability 237(1)
  Coding to Standards 237(1)
  Coding the Unit Test First 238(1)
  Pair Programming 238(1)
  Integrating Often 238(1)
  Leaving Optimization Until Last 238(1)
  When a Bug Is Found a Test Is Created 239(1)
  Summary 239(1)
  References 239(2)
SDL Banned Function Calls 241(10)
  The Banned APIs 242(3)
  Why the ``n'' Functions Are Banned 245(1)
  Important Caveat 246(1)
  Choosing StrSafe vs. Safe CRT 246(1)
  Using StrSafe 246(1)
  StrSafe Example 247(1)
  Using Safe CRT 247(1)
  Safe CRT Example 248(1)
  Other Replacements 248(1)
  Tools Support 248(1)
  ROI and Cost Impact 249(1)
  Metrics and Goals 249(1)
  References 249(2)
SDL Minimum Cryptographic Standards 251(8)
  High-Level Cryptographic Requirements 251(2)
  Cryptographic Technologies vs. Low-Level Cryptographic Algorithms 251(1)
  Use Cryptographic Libraries 252(1)
  Cryptographic Agility 252(1)
  Default to Secure Cryptographic Algorithms 253(1)
  Cryptographic Algorithm Usage 253(3)
  Symmetric Block Ciphers and Key Lengths 254(1)
  Symmetric Stream Ciphers and Key Lengths 254(1)
  Symmetric Algorithm Modes 255(1)
  Asymmetric Algorithms and Key Lengths 255(1)
  Hash Functions 255(1)
  Message Authentication Codes 256(1)
  Data Storage and Random Number Generation 256(1)
  Storing Private Keys and Sensitive Data 256(1)
  Generating Random Numbers and Cryptographic Keys 257(1)
  Generating Random Numbers and Cryptographic Keys from Passwords or Other Keys 257(1)
  References 257(2)
SDL-Required Tools and Compiler Options 259(10)
  Required Tools 259(9)
  PREfast 259(4)
  FxCop 263(2)
  Application Verifier 265(2)
  Minimum Compiler and Build Tool Versions 267(1)
  References 268(1)
Threat Tree Patterns 269(22)
  Spoofing an External Entity or a Process 271(2)
  Tampering with a Process 273(1)
  Tampering with a Data Flow 274(2)
  Tampering with a Data Store 276(2)
  Repudiation 278(2)
  Information Disclosure of a Process 280(1)
  Information Disclosure of a Data Flow 281(1)
  Information Disclosure of a Data Store 282(2)
  Denial of Service Against a Process 284(1)
  Denial of Service Against a Data Flow 285(1)
  Denial of Service Against a Data Store 286(1)
  Elevation of Privilege 287(1)
  References 288(3)
Index 291
