Highest Voted 'sdl' Questions - IT Security Stack Exchange

21

votes

1 answer

Secure Development costs

What case-studies or references are available from companies who have implemented a secure development process (eg, SDL or similar) around the cost/effort involved. Whilst each development department is likely to be a unique case, it is still…

appsec sdl budget

asked May 26 '11 at 13:10

Rory McCune

60,923
14
136
217

21

votes

3 answers

Startup security

I'm running a lean start-up, and I can't afford to pay a dedicated security expert, what types of precautions can I take? These would need to be cheap, simple to implement, and require minimal time investment. To clarify, as this is a start-up we…

appsec sdl agile

asked Nov 12 '10 at 12:49

AviD

72,138
22
136
218

18

votes

2 answers

The Creation of Secure Software Development Environments

[Edit] I did complete an analysis and framework of concepts that were included into my thesis for extensions to existing frameworks. All of the information in this thread was useful. The direct link to an extracted and shortened version of document…

appsec data-leakage sdl

asked Aug 26 '11 at 01:41

iivel

1,583
10
13

11

votes

2 answers

What is considered the simplest (or lightest) secure development lifecycle?

Microsoft has there simplified SDL: "The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development." "The process outlined in this paper sets a minimum threshold for SDL compliance. That said,…

appsec sdl source-code

asked Nov 21 '10 at 08:09

Tate Hansen

13,714
3
40
83

10

votes

6 answers

Are all security requirements expected to be testable?

Many approaches exist to define security requirements. To keep it simple, i would say to define a security requirement, one need to model the threat encountered when building up misuse cases for specific use cases being worked out. Still, at the…

penetration-test sdl requirements

asked Apr 21 '11 at 21:06

Phoenician-Eagle

2,167
16
21

7

votes

2 answers

I am looking for feedback on Secure Development Lifecycle for Scrum that has been tested?

This question is indeed targeting SDL but for Scrum. The A-SDL from Microsoft is nice, but honestly I am not even daring testing it in reality as it seems too academic. I mean what they request for, requires an army of developers! or a dedicated…

appsec sdl agile

asked Nov 22 '10 at 08:24

Phoenician-Eagle

2,167
16
21

7

votes

2 answers

Established Security Design Patterns?

In software engineering, a design pattern is a general reusable solution to a commonly occurring problem within a given context in software design. Wikipedia lists many different design patterns for example, but security is never mentioned. Open…

appsec audit sdl

asked Mar 30 '12 at 12:51

Demento

7,249
5
36
45

6

votes

2 answers

Secure Software Development

I'm researching models on building security into the SDLC and so far have come across: BSIMM Microsoft SDL Open SAMM Are there any other documents and resources to look into? Specific tools that incorporate the principals of these models to help…

code-review threat-modeling sdl threat-mitigation

asked Nov 17 '11 at 20:08

Epoch Win

922
2
7
14

5

votes

1 answer

How do Software Development Processes, OWASP CLASP & MS SDL, and Security Standards fit together?

How do these three concepts fit together: The Software Development Process (SDP) indicates the different phases of creating an application. Well known processes are waterfall, spiral, agile, extreme programming, etc. OWASP Clasp and Microsoft SDL…

iso27000 process sdl

asked May 07 '15 at 15:08

daniel f.

281
1
6

5

votes

1 answer

Data loss protection in software artifacts

Data loss protection is a major concern to every industry. The software engineering process involves multiple points for potential data loss, as a number of parties are involved other than the client and software development team. The list may…

source-code sdl data-leakage

asked Jan 20 '11 at 22:56

Tathagata

213
1
5

2

votes

0 answers

Microsoft Threat Modeling tool: how to avoid Spoofing of Destination Data Store

I have a threat model with a Cloud Storage entity an Managed Application which accesses it. Here is the diagram: The Microsoft Threat Modeling Tool says in the report that: Cloud Storage may be spoofed by an attacker and this may lead to data…

spoofing threat-modeling sdl

asked Mar 23 '17 at 14:22

Gabor Herman

71
1
4

1

vote

1 answer

What would be good resources to conduct Technical Impact Analysis?

As continuing research in Secure Software Development, I found the OWASP Top 10 project list Technical Impact such as: https://www.owasp.org/index.php/Top_10_2010-A1 Similarly, CAPEC list impact in terms of CIA:…

threat-modeling risk-analysis sdl

asked Mar 05 '12 at 15:36

Epoch Win

922
2
7
14

0

votes

1 answer

Micrsoft Threat Modeling Tool 2016 make a bi-directional connect

How do you make to two processes Bi-directional? I see that sometimes when I right click on the MS threat modeling tool that there is a bidirectional option but it is greyed out.

threat-modeling sdl

asked Sep 28 '16 at 15:01

bdawg

187
12

-2

votes

1 answer

Is ETSI TVRA a risk assessment or threat modeling tool?

Is ETSI TVRA TS 102 153 165-1 a risk assessment tool or threat modeling tool? And what's the justification? The purpose of the question is to be able to answer if TVRA is suitable to be mapped to Microsoft's SDL and at which practice ("PRACTICE #4:…

risk-analysis threat-modeling sdl

asked Sep 05 '16 at 19:04

MFM

1
1

Questions tagged [sdl]