6

Design and Development (A4): SDL Activities and Best Practices

In this chapter we will describe the SDL activities for the design and development (A4) phase of our security development lifecycle (see Figure 6.1). This phase can be mapped to the “readiness” phase in a typical software development lifecycle. We start with the continuation of policy compliance analysis for this phase and then move on to describe the elements of security test case execution. Building on the proper process for security testing that should have already been created, documented, and tested, analysis will continue until necessary tuning is identified in order to accomplish the required security level. We then describe the use of automated tools such as static, dynamic, ...

Get Core Software Security now with the O’Reilly learning platform.
