The Security Development Lifecycle (SDL) consists of a set of practices that support security assurance and compliance requirements. The SDL helps developers build more secure software by reducing the number and severity of vulnerabilities in software, while reducing development cost.
Practice #1 - Provide Training
Practice #2 - Define Security Requirements
Practice #3 - Define Metrics and Compliance Reporting
Practice #4 - Perform Threat Modeling
Practice #5 - Establish Design Requirements
Practice #6 - Define and Use Cryptography Standards
Practice #7 - Manage the Security Risk of Using Third-Party Components
Practice #8 - Use Approved Tools
Practice #9 - Perform Static Analysis Security Testing (SAST)
Practice #10 - Perform Dynamic Analysis Security Testing (DAST)
Practice #11 - Perform Penetration Testing
Practice #12 - Establish a Standard Incident Response Process
