What are the Microsoft Security Development Lifecycle (SDL) practices?

[Andrezj]

Microsoft Security Development Lifecycle Practices

Learn about the secure development practices Microsoft uses.

www.microsoft.com

The Security Development Lifecycle (SDL) consists of a set of practices that support security assurance and compliance requirements. The SDL helps developers build more secure software by reducing the number and severity of vulnerabilities in software, while reducing development cost.

Practice #1 - Provide Training​

Practice #2 - Define Security Requirements​

Practice #3 - Define Metrics and Compliance Reporting​

Practice #4 - Perform Threat Modeling​

Practice #5 - Establish Design Requirements​

Practice #6 - Define and Use Cryptography Standards​

Practice #7 - Manage the Security Risk of Using Third-Party Components​

Practice #8 - Use Approved Tools​

Practice #9 - Perform Static Analysis Security Testing (SAST)​

Practice #10 - Perform Dynamic Analysis Security Testing (DAST)​

Practice #11 - Perform Penetration Testing​

Practice #12 - Establish a Standard Incident Response Process​