Confronted with increasingly bulletproofed Windows operating systems, the threat environment shifted toward targeting vulnerabilities in the code designed to run on top of the platform. With security enhancements such as User Account Control, Address Space Layout Randomization, Kernel Patch Protection and driver signing, but also with the new development methodology set in place via the Microsoft Security Development Lifecycle, vulnerabilities in Windows Vista and its successor Windows 7 have become harder to
exploit, in the eventuality that attackers do come across critical security holes.
The biggest advantage in terms of security Vista and Windows 7 have over precursor Windows clients is the Security Development Lifecycle. And with the threat environment changing focus onto third-party Windows applications, Microsoft is ready to share the SDL secrets with third-party developers. An illustrative example in this regard is the
Microsoft Security Development Lifecycle (SDL): Developer Starter Kit.
“The Microsoft SDL - Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization—or enrich your existing development practices,” Microsoft revealed.
Developers will be able to leverage no less than 14 content modules. Microsoft is sharing with the developer community speaker notes, presenter guides, and sample comprehension questions. In addition, the SDL Developer Starting Kit also brings to the table 8 MSDN Virtual Labs complete with manuals, allowing organizations to create custom SDL training programs for their development teams.
Below you will find the individual materials from the Microsoft SDL – Developer Starter Kit:
Secure Design Principles Secure Implementation Principles Threat Modeling Principles Threat Modeling Tool Principles SQL Injection Vulnerabilities Bonus!
MSDN Virtual Lab Cross-Site Scripting Vulnerabilities Bonus!
MSDN Virtual Lab Code Analysis Bonus!
MSDN Virtual Lab Banned APIs Source Code Annotation Language Bonus!
MSDN Virtual Lab Security Code Review Bonus!
MSDN Virtual Lab Fuzz Testing Bonus!
MSDN Virtual Lab Compiler Defenses Bonus!
MSDN Virtual Lab Buffer Overflows Bonus!
MSDN Virtual Lab
Find us on Google+
No user comments yet.
Be the first to express your opinion!
