The Security Development Lifecycle 1st Edition

4.2 out of 5 stars, 13 ratings

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:

  • Use a streamlined risk-analysis process to find security design issues before code is committed
  • Apply secure-coding best practices and a proven testing process
  • Conduct a final security review before a product ships
  • Arm customers with prescriptive guidance to configure and deploy your product more securely
  • Establish a plan to respond to new security vulnerabilities
  • Integrate security discipline into agile methods and processes, such as Extreme Programming and Scrum

Includes a CD featuring:

  • A six-part security class video conducted by the authors and other Microsoft security experts
  • Sample SDL documents and fuzz testing tool

PLUS—Get book updates on the Web.

A Note Regarding the CD or DVD

The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to booktech@oreilly.com.

Editorial Reviews

From the Publisher

The software industry is clamoring to learn more about the SDL methodology. With insights direct from Microsoft’s security team, where these techniques have been developed and proven to help reduce code defects, this book premieres SDL to a worldwide audience and is the first to detail the methodology stage by stage.

Key Book Benefits:

• Delivers practical, proven advice from the experts for minimizing security-related code defects

• Details a methodology that can be applied to any development process, with outstanding results

• Includes a CD-ROM with video training classes for developers conducted by coauthor Michael Howard, a security program manager at Microsoft

About the Author

Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and the coauthor of The Software Security Development Lifecycle. Michael has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press.

Steve Lipner, CISSP, is the senior director of Security Engineering Strategy for Microsoft. He is responsible for defining and updating the Security Development Lifecycle and has pioneered numerous security techniques. Steve has over 35 years’ experience as a researcher, development manager, and general manager in IT security.

Product details

  • ASIN: 0735622140
  • Publisher: Microsoft Press; 1st edition (June 28, 2006)
  • Language: English
  • Paperback: 352 pages
  • ISBN-10: 9780735622142
  • ISBN-13: 978-0735622142
  • Item Weight: 1.55 pounds
  • Dimensions: 7.38 x 1.25 x 9 inches


Customer reviews


Top reviews from the United States

Reviewed in the United States on October 6, 2006
This book is a wonderful glimpse behind the curtain at one of the most advanced software development firms in the world. Renowned for hiring the best and the brightest, this book shows how they learned to do development in a smarter and more efficient manner. Some people may consider an SDL to be overkill, but the evidence presented is clear: if you want an efficient, effective process for meeting customer requirements, one must consider and address security. And this book is the how-to companion to the other great titles associated with Microsoft and secure coding. Whereas Writing Secure Code, Second Edition, focuses on technical detail, this book focuses on the process that enables developers to achieve the technical details.

This book is the project manager's guide to how it should be done. How to set up your development processes so that better developers can contribute in an effective fashion towards making better software. For some, there are no new secrets revealed in this book, but I know of no other source with all this information together in one place. And it comes with a bonus - the material has been tested and proven at the world's largest developer group. And in this case, bigger is not easier, but much harder - decentralized bureaucracies and business unit independence aside, it works at Microsoft, and as it gets further embedded into their processes and systems, the future for this methodology looks better and better.

Thank you Mike Howard and Steve Lipner for finishing the story. First we learn what to do (Writing Secure Code), now you let us know how to get it done (The Security Development Lifecycle). This may not be the perfect book, but then, I've yet to see that one. This book does advance the management side of the state-of-the-art light years forward, into the current century. This book is the textbook for the process side of software engineering in my classes, and I look forward to future editions and more details from behind the curtain.
2 people found this helpful
Reviewed in the United States on March 20, 2013
Well written with many excellent examples.

This is the place to start if you're interested in developing secure software or reviewing systems for security and reliability.
Reviewed in the United States on September 26, 2006
As is well known, Microsoft software has been known in the past for producing software that had numerous problems in the security area. It finally became so obvious that the company was forced to make a major change in emphasis regarding the security holes in their products.

Microsoft is, of course, a huge software development organization. To move the organization into writing more secure code it was necessary to develop plans, procedures, classes for managers and programmers, and the like to implement writing more secure code. The resulting effort is called the Security Development Lifecycle (SDL).

The results of implementing SDL are summarized in the Introduction to the book. Here are two newspaper headlines quoted there:

Gartner Recommends Against Microsoft IIS (eWeek, 2001)

We actually consider Microsoft to be leading the software industry now in improvements in their security development life cycle (CRN 2006)

This book is aimed at the people managing and defining software projects. It does not contain very many specific code examples that would appeal to the developer. This is not to say that developers shouldn't read it, but that it is not a detailed techie document.

The CD that comes with the book includes several documents that extend the concepts talked about in the book and a six part security class video conducted by the authors.

One note of caution. This book is on the Microsoft approach to security. It's what they are doing. It works for them. But there are also other approaches such as that being implemented by organizations such as the US Government.
One person found this helpful
Reviewed in the United States on June 23, 2017
I was hoping to find a lot of answers in this book. Unfortunately, I failed to check the Copyright date (2006).

I'm sure this was groundbreaking in 2006. Today, however, there is better information available on-line... with all the usual caveats of consuming anything on-line.
2 people found this helpful

Top reviews from other countries

Robert Hogg
5.0 out of 5 stars Must Have Guide for the Serious Enterprise Developer
Reviewed in the United Kingdom on July 1, 2011
The No. 1 essential book for any serious enterprise developer. Microsoft's SDLC (Secure Development Lifecycle) is a solid direction for any team wanting to ensure the safety and security of their solution. Security is so often overlooked or "retro-fitted" after the fact; it is no wonder that there are so many security breaches every day. The Security Development Lifecycle will help you understand many of the standard pitfalls that developers face, ways of addressing them, and ways to test the solution. I recommend you buy this book.
Mutombo
1.0 out of 5 stars Unnecessary, a waste of money
Reviewed in Germany on October 5, 2010
What is dished up in here is absolutely unnecessary. Not that it is wrong. Nothing in it brings anything really new. A process that calls for doing code reviews is really not the latest thing. The only difference is that the book describes how this process is carried out at Microsoft.
Furthermore, it points out which functions should be used and which should not. But exactly this information can also be found on the MSDN pages on the Internet, and much more up to date than here.
I cannot recommend this book. I have since given it away, as I would not dare to ask money for it.