3 Security Assessment (A1): SDL Activities and Best Practices

In this chapter, we introduce the reader to the first phase of our security development lifecycle. This phase (A1) is called Security Assessment. We describe the different activities within this phase and why the phase is important, and then walk the reader through its key success factors, deliverables, and metrics.

Security Assessment (A1) is the first phase of our SDL (see Figure 3.1). This is the phase where the project team identifies the product risk profile and the needed SDL activities; in some SDLs it is called the discovery phase. An initial project outline for security milestones and controls is developed and integrated into the development project schedule to allow ...
