3 Days left to Save $400 on SANS DFIR Summit

Microsoft SDL

Microsoft SDL

SANS - A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. We are proud to be a member of the SDL Pro Network, a group of security consultants and trainers that specialize in application security and have substantial experience and expertise with the methodology and of the SDL, the industry-leading software security assurance process.

The Microsoft SDL

Microsoft Security Development Lifecycle (SDL)

The Need for Application Security

Attacks are moving to the application layer and pose a significant threat to your customers and sensitive information. According to data collected by the Internet Storm Center, over 70% of attacks on networks originate in the application layer. A poorly developed application can open your system to attacks. Cyber criminals exploit the vulnerabilities that result from insecure coding:

  • A 2005 FBI survey estimated the annual loss due to computer crime at $67.2 billion for U.S. organizations;
  • The average cost of lost business per data breach was estimate at $6.6 million, including lost business due to customer churn as a result of negative publicity, according to a 2008 study from the Ponemon Institute.

The SDL Network was created to address the challenges developers are facing with the increasing shift of attacks to the application layer.

SANS Training

The SANS Software Security Institute (SSI) brings the most trusted name in information security to developers, programmers and application/software security professionals. Training for web application security and hacking, secure coding, software security testing, code review and PCI compliance:

SANS will work with organizations to deliver training to include the SDL via on-site classes.

SANS training is available in a variety of formats:

  • Conferences with in-depth training courses lasting 2 - 6 days
  • OnSite training at your company's location for groups of 15 or more
  • Computer Based Training (CBT) via SANS' proprietary OnDemand system
  • Live Web based training
  • Local community programs for smaller markets that have a concentration of people from different organizations that would like to receive the same training
  • Train the trainer - a customized programming designed for organizations that need to train 1,000 or more personnel in a very cost effective and resource efficient manner

For additional information on Training, Certification and Resources please visit The SANS Software Security Institute (SSI) or e-mail spa@sans.org

The Security Development Lifecycle (SDL) is the industry-leading software security assurance process created by Microsoft in 2004. It led to measurable security improvements in flagship products such as Windows Vista and SQL Server. With attacks moving to the application layer, the SDL is now more accessible to every developer in order to create more secure software. Visit the Microsoft SDL Pro Network to learn more.

Microsoft is very happy to have SANS as a member of the SDL Pro Network. SANS brings seasoned security training expertise to help deliver Microsoft's SDL guidance to customers and software developers worldwide. -Steve Lipner, Senior Director, Microsoft's Trustworthy Computing Group