Web application security - the fast guide 1.1 | Page 175
Chapter 9 - Secure Application Development
[Figure: development life cycle with security as a cross-cutting phase: Requirements, Analysis, Design, Implementation, Release]
At first sight this may look like a process that makes development slower, but for a security-sensitive application it reliably minimizes the final cost and time, because defects are found when they are cheapest to fix rather than after release.
Many methodologies have been used to build security in as part of the application. They have shown very good outcomes and have been adopted by many companies, such as Symantec, EMC and Microsoft.
The main methodologies are either applied through the development life cycle as a process (SDL, CLASP) or are maturity models that help assess the level of security maturity of the application and its development organization (SAMM, BSIMM).
9.3 Microsoft Security Development Lifecycle (SDL)
After the heavy hit that IIS-based applications took in 2001 from several worm attacks, Microsoft decided to emphasize security over new features.
The new strategy led to the development of the SDL (Security Development Lifecycle), in which a defined set of security tasks must be performed at each phase of the development process, as illustrated in the figure.