Secure Software Development Lifecycle Flashcards
1
Q
what is ms sdl?
A
microsoft security development lifecycle
2
Q
what are the goals of ms sdl
A
- Increase reliability of software
- Reduce maintenance costs
3
Q
name the 7 phases of ms sdl
A
- Training
- Requirements
- Design
- Implementation
- Verification
- Release
- Response
4
Q
name the 12 practices of ms sdl
A
- Provide training
- Define security requirements
- Define metrics and compliance reporting
- Perform threat modeling
- Establish design requirements
- Define and use cryptography standards
- Manage the security risk of using third-party components
- Use approved tools
- Perform static analysis security testing (SAST)
- Perform dynamic analysis security testing (DAST)
- Perform penetration testing
- Establish a standard incident response process
5
Q
liability: why is version control suitable as evidence?
A
Everything necessary to reproduce -source code -images, initial values, configuration Version control systems -Log modifications, history -Roll back mistakes, attacks Applicable -Traditional development -Configuration of hosted services, infrastructure as code
6
Q
Why should you sign your code?
A
Prove origin (authenticity) + integrity of transfer
Validity of certificate
