sdl

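A diagram drawn to get the discussion started

Lately I have been busy with SDL work at my company, and I want to standardize our web development process and related practices according to some of the SDL ideas.

It sounds fairly easy, but doing it is a hassle. I won't go into the details. In short, it is somewhat difficult. Fortunately, our company's leadership currently takes this area quite seriously, which makes things much easier. @amxku

I drew a diagram and am sharing it. There is nothing technically deep about it (I trimmed some parts based on my company's situation); it is for reference only, meant as a starting point for discussion. Criticism is welcome.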

[Image: 91cd11a66376dc387d0f6438af2b7020.png (560.05 KB)]

Just my humble opinion; corrections are welcome. @amxkuluoq.net

Keywords: sdl, security, work, technology

SDL Quick Security References

Brief Description

The SDL Quick Security References will help you better understand and address common attacks that may be affecting your software, Web sites, and users.

Overview

With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles - business decision maker, architect, developer, and tester/QA. These papers will help you address a critical business problem now while moving you toward SDL adoption in the future.

PS: Some parts are quite well written and worth a look.
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=79042476-951f-48d0-8ebb-89f26cf8979d

Keywords: sdl, code, security