5

Design and Development (A3): SDL Activities and Best Practices

The design and development (A3) phase (see Figure 5.1) is when the end user of your software is foremost in your mind. During this phase you will analyze policy compliance, create the test plan documentation, update your threat model if necessary, conduct a design security analysis and review, and perform a privacy implementation assessment, so that you can make informed decisions about how to deploy your software securely and establish development best practices to detect and remove security and privacy issues early in the development cycle. You will perform static analysis during both the design and development (A3) and the ship (A4) phases of your SDL. We will provide a detailed ...
