Security Development Lifecycle

The Microsoft Security Development Lifecycle (SDL) is a software security assurance process created by Microsoft and in use there since 2004. Taking a holistic and practical approach, the SDL introduces security and privacy requirements early and applies them throughout the development process. Applying the SDL at Microsoft has produced a measurable reduction in security vulnerabilities in its major applications and operating systems. The standard SDL process consists of seven phases: Training, Requirements, Design, Implementation, Verification, Release, and Response.

The SDL Pro Network is a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL. Accuvant LABS offers end-to-end SDL reviews that can cover an entire product team or development organization, as well as individual services covering each phase of the SDL:

  • Training - Secure coding, including design analysis and threat modeling, as well as application security assessment.
  • Requirements and Design - Threat modeling, architecture and design review, regulatory and risk analysis.
  • Implementation - Tool selection and implementation support, coding standard development and secure code reviews.
  • Verification - Dynamic application testing, which typically includes fuzz testing and attack surface reviews.
  • Release - Final Security Review assessments and response plan development.
  • Response - Attack analysis, vulnerability reverse engineering, and code remediation.

For more information on the SDL, please visit www.microsoft.com/sdl.

Please contact labs@accuvant.com for more information on SDL related services.