The security development lifecycle (SDL for short) has already proven its effectiveness in the development process: Microsoft products are a good example, and the ERNW experience gained in customer environments is another. Nevertheless, a lot of companies still don't use this approach to make their software more secure because of the estimated implementation effort. This workshop will introduce the basic concept of an SDL and will also cover approaches to adopting the concept even at an individual project level, to minimize this effort and benefit from the improvements in application security.

Agenda:

  • Introduction to the security development lifecycle
  • Awareness and Training
  • Threat Modeling and Risk Analysis
  • Code Review and Application Testing
  • Security metrics and thresholds
  • Quality Gates
  • Management Reporting
  • SDL in the Agile Development Process

This workshop is held by Michael Thumann, long-serving senior security consultant @ ERNW.

We are looking forward to an interesting workshop with you!
The ERNW / TROOPERS Team