Introducing users to existing software development life cycle (SDLC) models, this book explains their weakness and shows how to build security practices into these models. After working with Fortune 500 companies, the authors have often seen examples of a breakdown in SDLC practices. They supply a realistic look at how to best apply available Secure Software Development Lifecycle (SSDLC) models. e. The text proposes improvements in applying these models to the software code. Case studies from Linux, Apache, and web applications walk readers through examples of how to implement improved practices.

Dr. James Ransome is the Senior Director of Product Security and responsible for all aspects of McAfee¿s Product Security Program, a corporate-wide initiative that supports McAfee¿s business units in delivering best-in-class, secure software products to customers. In this role, James sets program strategy, manages security engagements with McAfee business units, maintains key relationships with McAfee product engineers, and works with other leaders to help define and build product security capabilities. His career has been marked by leadership positions in private and public industries, including three chief information security officer (CISO) and four chief security officer (CSO) roles. Prior to entering the corporate world, James had 23 years of government service in various roles supporting the U.S. intelligence community, federal law enforcement, and the Department of Defense.
James holds a Ph.D. in Information Systems. He developed/tested a security model, architecture, and provided leading practices for converged wired/wireless network security for his doctoral dissertation as part of a NSA/DHS Center of Academic Excellence in Information Assurance Education program. He is the author of several books on information security, and Core Software Security: Security at the Source is his 10th. James is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, and he is a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Ponemon Institute Distinguished Fellow.
Anmol Misra is an author and a security professional with a wide range of experience in the field of information security. His expertise includes mobile and application security, vulnerability management, application and infrastructure security assessments, and security code reviews. He is a Program Manager in Ciscös Information Security group. In this role, he is responsible for developing and implementing security strategy and programs to drive security best practices into all aspects of Ciscös hosted products. Prior to joining Cisco, Anmol was a Senior Consultant with Ernst & Young LLP. In this role, he advised Fortune 500 clients on defining and improving information security programs and practices. He helped corporations to reduce IT security risk and achieve regulatory compliance by improving their security posture.
Anmol is co-author of Android Security: Attacks and Defenses, and is a contributing author of Defending the Cloud: Waging War in Cyberspace. He holds a master¿s degree in Information Networking from Carnegie Mellon University and a Bachelor of Engineering degree in Computer Engineering. He is based out of San Francisco, California.

Introduction. The Secure Development Lifecycle. Security Assessment (A1): SDL Activities and Best Practices. Architecture (A2): SDL Activities and Best Practices. Design and Development (A3): SDL Activities and Best Practices. Design and Development (A4): SDL Activities and Best Practices. Ship (A5): SDL Activities and Best Practices. Post-Release Support (PRSA1¿5). Applying the SDL Framework to the Real World. Pulling It All Together: Using the SDL to Prevent Real-World Threats.