What are the Microsoft Security Development Lifecycle (SDL) practices?

Andrezj · Jan 23, 2023

Microsoft Security Development Lifecycle Practices

Learn about the secure development practices Microsoft uses.

www.microsoft.com

The Security Development Lifecycle (SDL) consists of a set of practices that support security assurance and compliance requirements. The SDL helps developers build more secure software by reducing the number and severity of vulnerabilities in software, while reducing development cost.

Practice #1 - Provide Training
Practice #2 - Define Security Requirements
Practice #3 - Define Metrics and Compliance Reporting
Practice #4 - Perform Threat Modeling
Practice #5 - Establish Design Requirements
Practice #6 - Define and Use Cryptography Standards
Practice #7 - Manage the Security Risk of Using Third-Party Components
Practice #8 - Use Approved Tools
Practice #9 - Perform Static Analysis Security Testing (SAST)
Practice #10 - Perform Dynamic Analysis Security Testing (DAST)
Practice #11 - Perform Penetration Testing
Practice #12 - Establish a Standard Incident Response Process

Search

What are the Microsoft Security Development Lifecycle (SDL) practices?

Andrezj

Level 6

Microsoft Security Development Lifecycle Practices

Practice #1 - Provide Training

Practice #2 - Define Security Requirements

Practice #3 - Define Metrics and Compliance Reporting

Practice #4 - Perform Threat Modeling

Practice #5 - Establish Design Requirements

Practice #6 - Define and Use Cryptography Standards

Practice #7 - Manage the Security Risk of Using Third-Party Components

Practice #8 - Use Approved Tools

Practice #9 - Perform Static Analysis Security Testing (SAST)

Practice #10 - Perform Dynamic Analysis Security Testing (DAST)

Practice #11 - Perform Penetration Testing

Practice #12 - Establish a Standard Incident Response Process

Similar threads

What are the Microsoft Security Development Lifecycle (SDL) practices?

Andrezj

Level 6

Microsoft Security Development Lifecycle Practices

Practice #1 - Provide Training​

Practice #2 - Define Security Requirements​

Practice #3 - Define Metrics and Compliance Reporting​

Practice #4 - Perform Threat Modeling​

Practice #5 - Establish Design Requirements​

Practice #6 - Define and Use Cryptography Standards​

Practice #7 - Manage the Security Risk of Using Third-Party Components​

Practice #8 - Use Approved Tools​

Practice #9 - Perform Static Analysis Security Testing (SAST)​

Practice #10 - Perform Dynamic Analysis Security Testing (DAST)​

Practice #11 - Perform Penetration Testing​

Practice #12 - Establish a Standard Incident Response Process​

Similar threads

Practice #1 - Provide Training

Practice #2 - Define Security Requirements

Practice #3 - Define Metrics and Compliance Reporting

Practice #4 - Perform Threat Modeling

Practice #5 - Establish Design Requirements

Practice #6 - Define and Use Cryptography Standards

Practice #7 - Manage the Security Risk of Using Third-Party Components

Practice #8 - Use Approved Tools

Practice #9 - Perform Static Analysis Security Testing (SAST)

Practice #10 - Perform Dynamic Analysis Security Testing (DAST)

Practice #11 - Perform Penetration Testing

Practice #12 - Establish a Standard Incident Response Process