Copyright © Microsoft Corp 2006 The Security Development Lifecycle Eric Bidstrup, CISSP Group Program Manager Security Engineering and Communication.

Slide 2: Security Development Lifecycle Tasks and Processes

The lifecycle diagram places each security task under the phase in which it occurs:

Requirements
  Security Training
  Security Kickoff & Register with SWI
Design
  Security Design Best Practices
  Security Arch & Attack Surface Review
  Threat Modeling
Implementation
  Use Security Development Tools & Security Best Dev & Test Practices
  Create Security Docs and Tools for Product
Verification
  Prepare Security Response Plan
  Security Push
  Pen Testing
Release
  Final Security Review
Support & Servicing
  Security Servicing & Response Execution

Slide 3: Very Encouraging Results!

Vulnerability comparison chart, release vs. release:
  Windows 2000 vs Windows Server 2003
  Office 2000 vs Office 2003
  Windows XP SP1 vs Windows XP SP2
  Exchange 2000 vs Exchange 2003

Slide 4: Very Encouraging Results!

Over 50% reduction in vulnerabilities:
  IIS5 vs IIS6
  SQL Server 2000 vs SQL Server 2000 SP3
  IE6 vs IE6 SP2

Slide 5: Security Development Lifecycle: Demonstrating Results

"We actually consider Microsoft to be leading the software [industry] now in improvements in their security development life cycle [SDL]."

John Pescatore, Vice President and Distinguished Analyst, Gartner, Inc. (from CRN, Feb 13th 2006)

Slide 6: Secure Products Require Process Improvement

Simply "looking for bugs" doesn't make software secure.
You must reduce the chance that defects are entered into the design and code.
This requires:
  Executive commitment
  Education
  Ongoing improvement