Appendix P - SDL-Agile Every-Sprint Requirements

Title | Requirement/Recommendation | Applies to (Online Services, Managed Code, Native Code)
--- | --- | ---
AllowPartiallyTrustedCallersAttribute (APTCA) review | Requirement | X
Apply input validation (LOB) | Requirement | XXX
Annotate pointers to non-const parameters using Standard Annotation Language (SAL) | Requirement | X
Avoid Exec in stored procedures | Requirement | X
Communicate privacy-impacting design changes to the team's privacy advisor | Requirement | XXX
Compile all code with the /GS compiler option | Requirement | XX
Comply with SDL firewall requirements | Requirement | XX
Conduct internal security design review (LOB) | Requirement | XXX
Do not use banned APIs in new code | Requirement | XX
Employ reflection and authentication relay defense | Requirement | XX
Encrypt all secrets, such as credentials, keys, and passwords (LOB) | Requirement | XXX
Ensure all ASP.NET applications use the ValidateRequest cross-site scripting input validation attribute | Requirement | XX
Ensure all database access is performed through parameterized queries to stored procedures | Requirement | XXX
Ensure all team members have had security education within the past year | Requirement | XXX
Ensure the application domain group is granted only execute permissions on the database stored procedures | Requirement | XXX
Fix all issues identified by code analysis tools for unmanaged code | Requirement | XX
Fix all security issues identified by CAT.NET and FxCop static analysis | Requirement | XX
Follow input validation and output encoding guidelines to defend against cross-site scripting attacks | Requirement | XXX
Harden or disable XML entity resolution | Requirement | XX
Host security deployment review (LOB) | Requirement | XXX
Link all code with the /dynamicbase linker option (Address Space Layout Randomization) | Requirement | XX
Link all code with the /nxcompat linker option (Data Execution Prevention) | Requirement | X
Link all code with the /safeseh linker option (safe exception handling) | Requirement | X
Mitigate against cross-site request forgery (CSRF) | Requirement | X
Mitigate against cross-site scripting (XSS) | Requirement | XXX
Secure sensitive data-at-rest (LOB) | Requirement | XXX
Secure sensitive data-in-transit (LOB) | Requirement | XXX
Update threat models for new features | Requirement | XXX
Use HeapSetInformation | Requirement | X
Use safe integer arithmetic for memory allocation for new code | Requirement | X
Use safe redirect | Requirement | XXX
Use secure cookie over HTTPS | Requirement | XXX
Use standard annotation language (SAL) to annotate all functions | Requirement | XX
Use the most secure ATL version and secure COM coding requirements | Requirement | X
Use the /robust MIDL compiler switch | Requirement | X
Use the Relying Party Suite SDK | Requirement | XX
Utilize LOB Secure Code Review (LOB) | Requirement | XXX
Avoid JavaScript eval function and equivalents | Recommendation | X
Canonicalize URLs | Recommendation | XXX
Employ COM best practices | Recommendation | X
Encode long-lived pointers | Recommendation | XX
Restrict database permissions | Recommendation | X
Review error messages to ensure sensitive information is not disclosed | Recommendation | XXX
Use strict /GS option | Recommendation | XX
Use transport layer encryption securely | Recommendation | XXX
Use whitelist of allowed domains to perform redirects | Recommendation | XXX

Each X marks one of the three product types (Online Services, Managed Code, Native Code) that the item applies to; XXX means the item applies to all three.

Content Disclaimer

This documentation is not an exhaustive reference on the SDL process as practiced at Microsoft. Additional assurance work may be performed by product teams (but not necessarily documented) at their discretion. As a result, this example should not be considered as the exact process that Microsoft follows to secure all products.

This documentation is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it.

This documentation does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2012 Microsoft Corporation. All rights reserved.

Licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported