Web application security - the fast guide 1.1 | Page 180

Chapter 9 - Secure Application Development
9.4 SDL-Agile
Figure 66 : SDL-Agile
The original version of the SDL tasks can be applied when the development approach is based on the waterfall model. For more iterative cycles that fit agile methodologies such as Scrum, an amended version was created under the name SDL-Agile. As shown above, some of the tasks (highlighted in color) are executed in every sprint (a sprint is a set period of time during which specific work has to be completed and made ready for review; normally a one-week task). So the agile version has essentially the same tasks, but it adds information about how frequently some of them need to be performed. For a more comprehensive reference on Microsoft SDL, please refer to the document titled "Microsoft Press eBook: The Security Development Lifecycle".
9.5 OWASP Comprehensive Lightweight Application Security Process (CLASP)
This methodology was donated to OWASP in 2006 after having been a commercial methodology. Unlike SDL, CLASP uses roles to specify the tasks that need to be performed in order to maintain security throughout the project, whereas SDL organizes tasks by development phase or by frequency.
The main roles identified by CLASP are Project Manager, Requirement Specifier, Architect, Designer, Implementer, Test Analyst and Security Auditor. The following table illustrates the main activities that the different roles need to consider in order to build a secure application.