
Microsoft SDL Resources

Microsoft SDL Home site - http://www.microsoft.com/security/sdl/default.aspx
SDL Blog - http://blogs.msdn.com/b/sdl/
Anirudh Security Blog - http://blogs.technet.com/b/anirudh
SDL Forums - http://social.msdn.microsoft.com/Forums/en-in/sdlprocess/threads (A forum for discussing the Microsoft SDL Process and guidance.)

Social Connect - Like us on www.facebook.com/msdnindia

Microsoft SDL - Developer Starter Kit

The Microsoft SDL - Developer Starter Kit provides a comprehensive compilation of baseline developer security training materials on the following core Microsoft Security Development Lifecycle (SDL) topics: a) Secure design principles; b) Secure implementation principles; c) Secure verification principles; d) SQL injection; e) Cross-site scripting; f) Code analysis; g) Banned application programming interfaces (APIs); h) Buffer overflows; i) Source code annotation language; j) Security code review; k) Compiler defenses; l) Fuzz testing; m) Microsoft SDL threat modeling principles; and n) The Microsoft SDL threat modeling tool. Each set of guidance contains Microsoft Office PowerPoint slides, speaker notes, train-the-trainer audio files, and sample comprehension questions. All materials have limited formatting so that you can leverage the content to achieve broader, enhanced adoption of Microsoft SDL principles in your development organization.


Must read Books on SDL

Michael Howard and Steve Lipner, The Security Development Lifecycle, Microsoft Press, Redmond, Washington, 2006
Michael Howard and Steve Lipner, Writing Secure Code, Second Edition, Microsoft Press, Redmond, Washington, 2003
24 Deadly Sins Of Software Security: Programming Flaws And How To Fix Them by Michael Howard, David LeBlanc, John Viega

Whitepapers

Paper on Fundamental Practices for Secure Software Development by SAFECode
The SDL Progress Report a decade of innovation
Return on Investment (ROI) and Secure Application Development: Can a holistic approach save money and increase productivity?
It's Really Only 16 Security Practices - Implementation Guidance Included!
Simplified Implementation of the Microsoft SDL - This document illustrates the core concepts of the Microsoft Security Development Lifecycle (SDL) and discusses the individual security activities that should be performed in order to follow the SDL process. The Simplified SDL guidance is also available in an Excel spreadsheet format.
State of Application Security: Immature Practices Fuel Inefficiencies, but Positive ROI Is Attainable - A Forrester Consulting Thought Leadership Paper Commissioned by Microsoft

Case Studies

The SDL Chronicles How an Engineering Culture Change Driven by Security Needs Paid Off

SDL Publications

SDL Threat Modeling Tool 3.1.8
Microsoft Security Development Lifecycle (SDL) Process Guidance - Version 5.0
Essential Software Security Training for the Microsoft SDL
Quick Security Reference - Cross-Site Scripting
Quick Security Reference - Exposure of Sensitive Information
Quick Security Reference - SQL Injection
MSF-Agile plus Security Development Lifecycle Process Template for VS 2010
Microsoft Code Analysis Tool .NET (CAT.NET) v1 CTP - 32 bit
SDL and PCI DSS/PA-DSS - Aligning the Microsoft SDL with PCI DSS/PCI PA-DSS Compliance Activity
Microsoft SDL Process Template for Visual Studio Team System

For a comprehensive list of SDL resources, refer to http://www.microsoft.com/security/sdl/resources/publications.aspx
