SDL timeline

2002-2003
• Bill Gates writes the “Trustworthy Computing” memo, early 2002
• “Windows security push” for Windows Server 2003
• Security push and FSR extended to other products

2004
• Microsoft Senior Leadership Team agrees to require the SDL for all products that:
  • Are exposed to meaningful risk and/or
  • Process sensitive data

2005-2007
• Optimize the process through feedback, analysis and automation
• SDL is enhanced with:
  • “Fuzz” testing
  • Code analysis
  • Crypto design requirements
  • Privacy
  • Banned APIs
  • and more…
• Evangelize the SDL to the software development community
• Windows Vista is the first OS to go through a full SDL cycle

Now
• SDL Process Guidance
• SDL Optimization Model
• SDL Pro Network
• SDL Tools
• SDL Process Templates

SDL – Continual Improvement
- Now at version 5.2
- Microsoft’s secure development processes have come a long way since the SDL was first introduced – the SDL is constantly evolving

SDL activities
• Access organizational knowledge
• Consider security at the outset of a project
• Identify security critical components
• Determine processes, documentation and tools
• Verification of SDL security and privacy activities
• Satisfaction of clearly defined release criteria
“Plan the work, work the plan…”

SDL Process Template
• Simple
• Comprehensive
• Customizable
The SDL Process Template integrates the SDL directly into the VSTS software development environment.
SDL Threat Modeling Tool
• Vision
• Model
• Identify Threats
• Validate
• Mitigate
Transforms threat modeling from an expert-led process into a process that any software architect can perform effectively.

Platform and compiler mitigations

Mitigation                   | Mitigates                         | Available in | Enabled by
-----------------------------|-----------------------------------|--------------|----------------------------------------------
Stack cookies                |                                   | Dev 10       | /GS
Strict GS                    | ‘non-traditional’ stack overflows | Dev 10       | #pragma strict_gs_check(on)
DEP                          | W^X                               | XP SP2+      | /NXCOMPAT
Heap hardening               | Heap metadata attacks             | Vista+       | (OS platform support)
Heap terminate on corruption | Heap metadata attacks             | XP SP3       | HeapSetInformation or /SUBSYSTEM:WINDOWS,6.0
ASLR                         | ROP                               |              | /DYNAMICBASE
SafeSEH                      | SEH overwrites                    |              | /SAFESEH
SEHOP                        | SEH overwrites                    | Win 7+       | Registry key entry

See
• http://msdn.microsoft.com/en-us/library/bb430720.aspx
• http://msecdbg.codeplex.com/
• http://microsoft.com/sdl
• http://www.microsoft.com/security/sdl/adopt/tools.aspx
• http://msdn.microsoft.com/en-us/vstudio
• http://msdn.microsoft.com/en-us/library/dd264939(v=VS.100).aspx
• http://www.microsoft.com/security/msec.aspx
• http://safecode.org
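Several of the mitigations in the table above (/NXCOMPAT, /DYNAMICBASE, and the /SUBSYSTEM:WINDOWS,6.0 version that opts a process into heap termination on corruption) are recorded in the PE optional header of the built binary, so a release check can verify them without access to the build scripts. The following Python script is an added example, not part of the slide deck or any Microsoft tool: it reads the DllCharacteristics and subsystem-version fields from a PE image and reports which of those linker options are missing. The `build_sample_pe` helper constructs a minimal header-only PE in memory so the check runs offline; the constant values are the documented IMAGE_DLLCHARACTERISTICS_* bits. /GS, strict GS and /SAFESEH are not visible in these fields (/GS changes generated code; SafeSEH lives in the load config directory), so this check does not cover them.

```python
"""Check a PE image for the header-recorded SDL linker mitigations.

Added example (not from the slide deck or Microsoft tooling). It reads the
IMAGE_OPTIONAL_HEADER fields that record /NXCOMPAT, /DYNAMICBASE and the
/SUBSYSTEM version, and builds a constructed minimal PE so it runs offline.
"""
import struct

# DllCharacteristics bits (IMAGE_DLLCHARACTERISTICS_* in winnt.h).
HIGH_ENTROPY_VA = 0x0020   # 64-bit image may use a high-entropy address space
DYNAMIC_BASE = 0x0040      # /DYNAMICBASE: image can be relocated (ASLR)
NX_COMPAT = 0x0100         # /NXCOMPAT: image is DEP-compatible
NO_SEH = 0x0400            # image uses no structured exception handlers


def parse_pe_mitigations(data: bytes) -> dict:
    """Return the mitigation-related header fields of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    if size_of_optional < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # MajorSubsystemVersion/MinorSubsystemVersion are at +48 and
    # DllCharacteristics at +70 in both the PE32 and PE32+ layouts.
    major, minor = struct.unpack_from("<HH", data, opt + 48)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "format": "PE32+" if magic == 0x20B else "PE32",
        "subsystem_version": (major, minor),
        "dep_nxcompat": bool(dll_chars & NX_COMPAT),
        "aslr_dynamicbase": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "no_seh": bool(dll_chars & NO_SEH),
    }


def missing_mitigations(report: dict) -> list:
    """List the linker options from the mitigation table the image lacks."""
    missing = []
    if not report["dep_nxcompat"]:
        missing.append("/NXCOMPAT")
    if not report["aslr_dynamicbase"]:
        missing.append("/DYNAMICBASE")
    # A subsystem version of 6.0 or later is the linker-side alternative to
    # calling HeapSetInformation for heap termination on corruption.
    if report["subsystem_version"] < (6, 0):
        missing.append("/SUBSYSTEM:WINDOWS,6.0")
    return missing


def build_sample_pe(dll_chars: int, subsystem_version=(6, 0)) -> bytes:
    """Constructed minimal PE32 header (no sections) used only for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature
    # IMAGE_FILE_HEADER: Machine=i386, 0 sections, 96-byte optional header,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE.
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<HH", opt, 48, *subsystem_version)
    struct.pack_into("<H", opt, 68, 2)                # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {
        "hardened": build_sample_pe(NX_COMPAT | DYNAMIC_BASE, (6, 0)),
        "legacy": build_sample_pe(0, (5, 1)),
    }
    for name, image in samples.items():
        report = parse_pe_mitigations(image)
        print(name, report, "missing:", missing_mitigations(report))
```

To run it against a real build output, pass the file contents instead of the constructed sample: `parse_pe_mitigations(open(path, "rb").read())`. The flags come from the linker, so a missing /NXCOMPAT or /DYNAMICBASE here means the release build was linked without the option, regardless of what the source tree says.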