Modern Software Security Development Lifecycle

Reducing the opportunities for attackers to exploit a potential weak spot or vulnerability requires analysing the overall attack surface, and includes restricting access to system services. Applying a structured approach to threat scenarios during design helps a team identify security vulnerabilities, determine risks from those threats, and establish appropriate mitigations. This session illustrates the core concepts of the Microsoft Security Development Lifecycle (SDL) and the security activities to perform to claim compliance with the SDL process. Practical applications of tools for understanding your attack surface (Attack Surface Analyzer), finding and addressing system security issues (Threat Modeling Tool), and a simple fuzzer designed to test for potential denial of service vulnerabilities (MiniFuzz).