Microsoft recently released version 5.0 of the Security Development Lifecycle
What is new and what is offered?
Almost all programmers have to deal with security threats to their applications. Many computer users now want every application they install to have good security, without it getting in the way of the user's convenience.
In addition to application security, users also want privacy. Therefore, programmers must protect the private data held by the users of the target application. To address this, we can start when the application is being built, which means applying secure software development during the development process. In secure software development, there are three important elements that must be considered, namely:
* Best practices
* Process improvement.
* Metric
Secure software development can be applied when building applications that, among others:
* Run in a business environment
* Process personally identifiable information (PII) or other sensitive information.
* Communicate regularly over the Internet or other networks.
What is the Security Development Lifecycle (SDL)?
The Security Development Lifecycle, or SDL for short, is a security quality assurance process for software that is being built. Microsoft has applied it intensively as a policy since 2004, and it is implemented in the development of all its products. By combining a holistic and a practical approach, the SDL introduces security and privacy throughout the entire software development process.
Currently, implementing the SDL in software development is very important. Looking at which targets are attacked, applications are the most widely attacked. The Microsoft Security Intelligence Report Volume 7, covering January to June 2009, showed that applications were attacked most, followed by browsers and operating systems.
The graph from the report can be seen in Figure 1. The report can be downloaded from the Microsoft website at: http://www.microsoft.com/downloads/detail.aspx?FamilyID=037f3771-330e-4457-a52c-b085dc0a4cd&displaylang=en.
Meanwhile, the IBM Internet Security Systems X-Force report for 2008 showed that only about 11% of attacks targeted the large software vendors, namely Microsoft, Oracle, IBM, Apple, and Cisco. This means that approximately 89% of attacks hit software products made by vendors other than these five.
The graph can be seen in Figure 2. The IBM report can be downloaded from the IBM website at http://www-935.ibm.com/services/us/iss/xforce/trendreport/xforce-2008-annual-report.pdf.
Given these data, implementing the SDL in software development is important because it can minimize attacks. For applications based on the Windows platform in particular, Microsoft has issued the Security Development Lifecycle document, whose most recent version is currently version 5.
This document can be downloaded at http://www.microsoft.com/downloads/detail.aspx?FamilyID=7d8e6144-8276-4a62-a4c8-7af77c06b7ac&displaylang=en.
The SDL version 5 document runs to 133 pages and contains information on the SDL methodology and process. The SDL methodology process can be seen in Figure 3.
To make the SDL easier to implement, Microsoft also provides the document Simplified Implementation of the Microsoft SDL, which is a summary of the SDL. This document can be downloaded at: http://www.microsoft.com/downloads/detailes.aspx?familyid=0BAFF8E8-AB17-4E82-A1FF-7BF8D709D9FB&displaylang=en.
Implementing SDL in Agile Development
Many software development organizations apply Agile software development. Within Microsoft itself, Agile methodology is also applied in building software products. Initially, Agile methodologies did not pay special attention to the security of the software being built. Now that security is a particular concern for Agile users, the methodology also gives attention to implementing security.
Microsoft began developing software with attention to security through what is known as the SDL. By applying the SDL, Microsoft has been able to reduce security holes in its products by more than 50%. Applying the SDL is fairly heavy, especially on large products such as Windows and Microsoft Office.
The SDL version 5 document includes a discussion of how to combine the SDL with Agile methodology, known as SDL-Agile. The SDL-Agile processes can be seen in Figure 4.
Before implementing SDL-Agile, we first assess the systems and processes currently running in our work environment. Microsoft provides guidance for this assessment in the form of a set of documents, namely the Microsoft SDL Optimization Model.
This document can be downloaded at the URL: http://www.microsoft.com/downloads/detail.aspx?familyID=90A402A0-CA84-42A2-B2AB-1CE8DE999582&displaylang=en.
It consists of five documents that discuss the levels of SDL optimization. According to these documents, the SDL optimization model has four levels:
• Basic
• Standardized
• Advanced
• Dynamic
The four levels of SDL optimization and their implementation can be seen in Figures 5 and 6.
SDL tools
When implementing the SDL, we sometimes need a tool that consistently enforces the predetermined process, in order to maintain the security quality of the products we build. Microsoft provides a free SDL tool that can be integrated with development tools such as Visual Studio. This tool is the MSF-plus Security Development Lifecycle Agile Process Template for VSTS 2008 and can be downloaded at http://www.microsoft.com/downloads/details.aspx?familyID=c4b44860-cfba-494a-ba43-13c4aecf86af&displaylang=en.
Microsoft also provides a tool for analyzing source code based on .NET Framework technology.
With this tool, we can find out whether the system potentially poses a security threat or not. This tool is known as CAT.NET, is available for 32-bit and 64-bit platforms, and can detect potential vulnerabilities including:
* Cross-Site Scripting (XSS)
* SQL Injection
* XPath Injection
The 32-bit version of CAT.NET can be downloaded free of charge at http://www.microsoft.com/downloads/detail.aspx?FamilyID=0178E2EF-9DA8-445E-9348-C93F24CC9F9D&displaylang=en.
The 64-bit version of CAT.NET can be downloaded at the URL: http://www.microsoft.com/downloads/detail.aspx?FamilyID=e0052bba-2d50-4214-b65b-37e5ef44f146&displaylang=en.
In addition to the tools above, Microsoft also provides an SDL kit for developers, which is integrated with the application.
This package can be downloaded from Microsoft's website at http://www.microsoft.com/downloads/detail.aspx?familyID=0FCBA3C7-BC30-47B0-A2F8-2E702720998A&displayLang=en