Microsoft releases free SDL tools at Black Hat DC

Microsoft has released two free tools to help software developers write secure code, as cybercriminals step up attacks on third-party applications.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

The tools, announced at the Black Hat DC security conference near Washington, are the latest public releases of elements of Microsoft's Security Development Lifecycle (SDL) programme.

Microsoft introduced the SDL in 2004 to standardise secure software development practices across all product lines.

Application developers are increasingly finding their code put to the test as attackers exploit any vulnerability they can find for financial gain, said Microsoft.

The first tool is a step-by-step guide to help software development organisations of any size adopt the SDL without increasing cost or reducing time to market.

"The guide sets out how any development team, even teams of eight to ten developers, can implement the SDL," said David Ladd, principal security program manager at Microsoft.

The SDL is not proprietary to Windows and therefore the techniques can be applied to applications developed for other platforms, Microsoft said.

The second tool is a beta version of a downloadable template for Microsoft Visual Studio 2008 for applying SDL methodology to agile or iterative software development process.

The template ensures that any code checked in by developers complies with SDL practices and automatically tracks manual processes, such as threat modelling, to prevent them being overlooked.

Microsoft also announced seven new members of its SDL Pro Network, a group of security organisations that help organisations adopt the SDL.

These include for the first time three organisations that are able to deploy a range of security tools to complement existing consulting and training members, said Microsoft.