Welcome | Sign in

Developer Centers

Security Developer Center

Microsoft Security Development Lifecycle (SDL): Training and Resources

SDL Resources

Microsoft SDL version 3.2 – Process Guidance
Detailed information on all stages and requirements of version 3.2 of the Microsoft SDL

Microsoft Privacy Guidelines

Privacy guidelines for developing software products and services that are based on Microsoft internal guidelines and experience incorporating privacy into the software development process

Books

Howard, Michael and Steve Lipner, The Security Development Lifecycle, Microsoft Press, Redmond, Washington, 2006
Howard, Michael and David LeBlanc, Writing Secure Code, Second Edition, Microsoft Press, Redmond, Washington, 2003

The Security Development Lifecycle Blog

The Security Development Lifecycle Blog pulls together comments and insights from the Security Engineering team at Microsoft.

Training

These resources can help you develop the skills you need to create more secure software.

Presentations and interviews on the Microsoft SDL

Michael Howard discusses the SDL development practices, TechEd Barcelona, November 2007
- Presentation
- Video
Michael Howard discusses threat modeling, TechEd Barcelona, November 2007
- Presentation
- Video
Michael Howard’s “Everything Developer Security” talk, TechEd Barcelona, November 2007
- Presentation
- Video

Further Microsoft SDL/Application Security Resources

Threat Modeling

Threat modeling using the STRIDE approach
Learn how threat modeling is leveraged at Microsoft to uncover and mitigate security design flaws using the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Elevation of privileges) model.
Threat Modeling for Line Of Business (LOB) Applications – the Microsoft ACE approach.

Secure Application Development

Securing Applications with the .NET Framework
The common language runtime and the .NET Framework provide many useful classes and services that enable developers to easily write security code. These classes and services also enable system administrators to customize the access that code has to protected resources. In addition, the runtime and the .NET Framework provide useful classes and services that facilitate the use of cryptography and role-based security.
patterns & practices – Security Guidance for Application Development
MSDN Security Developer Center
The MSDN security developer center includes a multitude of resources and information on secure coding practices.

SDL at Microsoft

SDL for You