NGSSoftware & The Microsoft Security Development Lifecycle (SDL)
NGSSoftware are very pleased to be working with Microsoft in promoting the ideals of the Security Development Lifecycle (SDL), the industry-leading software security assurance process, which was created by Microsoft in 2004 and has since led to measurable security improvements in flagship products. Through this opportunity NGSSoftware will be able to educate software development teams the world over in the best practices for including security requirements within the design, implementation and testing phases of product development. By doing so, it is believed that the overall standard for software security will increase, raising the bar significantly for malicious attackers hoping to find security vulnerabilities and exploit them. This has been a goal for NGSSoftware since inception, and the Microsoft SDL Pro Network, a group of security consultants and trainers who specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL, is seen as a significant opportunity in furthering this goal.
The SDL represents a balanced and sensible approach to slipstreaming security into the software development lifecycle. It introduces stringent security requirements for the use of technologies at the design and implementation phases of a project, ensuring that insecure or inappropriate methods cannot be used, and it sets high quality objectives for the testing of software from the security and privacy standpoint. The SDL provides an invaluable guide for software developers when trying to establish a minimum security development policy for their organisation and offers a toolkit for implementing this standard without disrupting the core business of producing quality software applications.
The core elements of the SDL are also some of the core elements of NGSSoftware's security consultancy practice. When working with companies that have a software security requirement, including Microsoft themselves, NGSSoftware use a combination of training, product analysis and security assessment to highlight security weaknesses and strengthen a product offering. Threat Modeling, Fuzz Testing and Code Review are all leveraged when analysing the security footprint of software. Used correctly in combination with SDL minimum standards, these activities will steer a development team away from poor design and implementation choices and will also reveal existing security holes in a current product.
To contact NGSSoftware to discuss the SDL Consultancy Practice in support of the Microsoft Security Development Lifecycle in your organisation, or to engage NGSSoftware in SDL Consultancy under the Microsoft SDL Pro Network, please use the following details:
NGSSoftware SDL Practice Manager: Kev Dunn
Email: sdl@ngssoftware.com - (Optional PGP Encryption Key)
Phone: +44(0)208 401 0070
NGSSoftware looks forward to providing SDL consultancy for your organisation and will be happy to talk over any requirements you may have.




