SSDL Touchpoints

Analysis and assurance of software development artifacts and processes.


The SSDL Touchpoints domain includes essential software security best practices that are integrated into the SDLC; the two most important are architecture analysis and code review.

Architecture Analysis

Architecture analysis encompasses capturing software architecture in concise diagrams, applying lists of risks and threats, adopting a process for review (such as STRIDE or Architectural Risk Analysis), and building an assessment and remediation plan for the organization.

Code Review

The code review practice includes use of code review tools, development of tailored rules, customized profiles for tool use by different roles (for example, developers versus auditors), manual analysis, and tracking/measuring results.

Security Testing

The security testing practice is concerned with pre-release testing, including integrating security into standard quality assurance processes. The practice includes use of black-box security tools (including fuzz testing) as a smoke test in QA, risk-driven white-box testing, application of the attack model, and code coverage analysis. Security testing focuses on vulnerabilities in construction.
