Fundamental Practices for Secure Software Development Third Edition March 2018 c . 5 b u Essential Elements of a Secure Development Lifecycle Program h t i g © 2018 SAFECode – All Rights Reserved. m o Fundamental Practices for Secure Software Development Table of Contents Executive Summary .................................................................................................................................... 4 Introduction ................................................................................................................................................. 5 Audience ................................................................................................................................................. 5 SAFECode Guidance and Software Assurance Programs ..................................................................... 6 Application Security Control Definition .................................................................................................... 7 Actively Manage Application Security Controls ...................................................................................... 7 m o Design .......................................................................................................................................................... 9 Secure Design Principles ....................................................................................................................... 9 c . 5 Threat Modeling .................................................................................................................................... 10 Develop an Encryption Strategy ........................................................................................................... 11 Standardize Identity and Access Management .................................................................................... 12 b u Establish Log Requirements and Audit Practices ................................................................................ 14 Secure Coding Practices .......................................................................................................................... 15 h t i g Establish Coding Standards and Conventions ..................................................................................... 15 Use Safe Functions Only ...................................................................................................................... 15 Use Code Analysis Tools To Find Security Issues Early ..................................................................... 17 Handle Data Safely ............................................................................................................................... 17 Handle Errors........................................................................................................................................ 20 Manage Security Risk Inherent in the Use of Third-party Components .............................................. 21 Testing and Validation .............................................................................................................................. 22 Automated Testing ............................................................................................................................... 22 Manual Testing ..................................................................................................................................... 24 Manage Security Findings........................................................................................................................ 27 Define Severity ..................................................................................................................................... 27 Risk Acceptance Process ..................................................................................................................... 28 Vulnerability Response and Disclosure ................................................................................................. 29 Define Internal and External Policies ................................................................................................... 29 Define Roles and Responsibilities ........................................................................................................ 29 Ensure that Vulnerability Reporters Know Whom to Contact ............................................................... 30 Manage Vulnerability Reporter

pdf文档 SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018 (SAFECode 安全软件开发基本实践)

安全文档 > 软件开发安全 > 文档预览
英文文档 38 页 50 下载 1000 浏览 0 评论 0 收藏 3.0分
温馨提示:本文档共38页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018 (SAFECode 安全软件开发基本实践) 第 1 页 SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018 (SAFECode 安全软件开发基本实践) 第 2 页 SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018 (SAFECode 安全软件开发基本实践) 第 3 页
下载文档到电脑,方便使用
本文档由 路人甲2022-05-30 11:53:07上传分享
给文档打分
您好可以输入 255 个字符
网站域名是多少( 答案:github5.com )
评论列表
  • 暂时还没有评论,期待您的金玉良言
站内资源均来自网友分享或网络收集整理,若无意中侵犯到您的权利,敬请联系我们微信(点击查看客服),我们将及时删除相关资源。