Pre-SDL Requirements: Security Training for LOB
In this section and in the remainder of the SDL-LOB, only supplements to the original SDL are highlighted. To create a complete security plan for LOB applications, you should consult each section of the main SDL and the supplemental information contained in each phase of the SDL-LOB.
In addition to the basic concepts outlined in the main SDL, LOB training should include the following additional topics:
- Secure design, including the following topics:
- Secure coding, including the following topics:
  - Integer overflow/underflow.
  - Input validation and handling.
- Regulatory, which can include the following topics:
  - Compliance with SOX, HIPAA, GLBA, PCI.
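The two secure-coding topics listed above, integer overflow/underflow and input validation, are the kind of material an LOB training module would illustrate with a short exercise. The following C example is added here for that purpose; it is not code from the SDL-LOB document or from Microsoft. It shows the unchecked allocation-size arithmetic that wraps on overflow, the checked version that rejects it, and a validating parser for a length field taken from untrusted input. All function names and the sample inputs are constructed for the illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Training illustration (constructed, not from the SDL-LOB text).
 * Unchecked: count * elem_size silently wraps around on overflow, so a
 * huge request can produce a tiny allocation that is later overrun. */
size_t unchecked_alloc_size(size_t count, size_t elem_size) {
    return count * elem_size;
}

/* Checked: refuse any product that would not fit in size_t. */
bool checked_alloc_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) {
        return false; /* would overflow */
    }
    *out = count * elem_size;
    return true;
}

/* Input validation: parse a decimal length field from untrusted input.
 * Rejects empty strings, signs, whitespace, non-digits, and any value
 * above max_len, without ever overflowing the accumulator. */
bool parse_length_field(const char *text, size_t max_len, size_t *out) {
    if (text == NULL || *text == '\0') return false;
    size_t value = 0;
    for (const char *p = text; *p != '\0'; p++) {
        if (*p < '0' || *p > '9') return false;        /* only plain digits */
        size_t d = (size_t)(*p - '0');
        if (d > max_len) return false;                  /* keep subtraction safe */
        if (value > (max_len - d) / 10) return false;   /* value*10 + d > max_len */
        value = value * 10 + d;
    }
    *out = value;
    return true;
}

/* Combines both checks: validate the count field, then compute the byte
 * size with overflow detection. Returns the byte count, or -1 on rejection. */
long long validated_alloc_bytes(const char *count_text, size_t max_count, size_t elem_size) {
    size_t count, bytes;
    if (!parse_length_field(count_text, max_count, &count)) return -1;
    if (!checked_alloc_size(count, elem_size, &bytes)) return -1;
    return (long long)bytes;
}

int main(void) {
    /* Constructed inputs: a benign count and a hostile one. */
    printf("\"1024\" x 16 bytes -> %lld\n", validated_alloc_bytes("1024", 4096, 16));
    printf("\"99999\" (over max) -> %lld\n", validated_alloc_bytes("99999", 4096, 16));
    printf("\"-5\" (sign)        -> %lld\n", validated_alloc_bytes("-5", 4096, 16));
    printf("unchecked wrap      -> %zu\n", unchecked_alloc_size(SIZE_MAX / 2 + 1, 2));
    return 0;
}
```

The unchecked function demonstrates the failure mode: for count = SIZE_MAX/2 + 1 and an element size of 2 the product is exactly 2^N and wraps to 0, so an allocator would return a zero-length buffer that the caller then fills with count elements. The checked variant and the bounded parser are the defensive patterns a training module would ask developers to apply wherever sizes are derived from external data.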
This documentation is not an exhaustive reference on the SDL process as practiced at Microsoft. Additional assurance work may be performed by product teams (but not necessarily documented) at their discretion. As a result, this example should not be considered as the exact process that Microsoft follows to secure all products.
This documentation is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it.
This documentation does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
© 2012 Microsoft Corporation. All rights reserved.