In this article, authors discuss the security in software development life cycle and how to defend against web application vulnerabilities using techniques like white-box analysis and black-box testing. They also talk about secure coding practices based on the defense-in-depth approach using three lines of defense: input validation, hotspot protection, and output validation.
Security Development Lifecycle (SDL), developed at Microsoft, is a security assurance process with a focus on software development. It introduces security and privacy aspects in all phases of the software development process. InfoQ spoke with Bryan Sullivan from SDL team about the current state and future road map of the framework.