Tagged articles
12 articles
DevOps
Nov 26, 2024 · Information Security

10 Best‑Practice Principles for Implementing a Secure Development Lifecycle (SDL)

This article outlines ten essential best‑practice principles for implementing a Secure Development Lifecycle (SDL), covering top‑down leadership, alignment with existing management systems, visualizable processes, security goal classification, componentized security capabilities, supply‑chain management, service‑oriented SDL, DevSecOps toolchains, continuous optimization, and staff training.

DevSecOps, SDL, Secure Development
17 min read
Bilibili Tech
Aug 2, 2024 · Information Security

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

At Bilibili, the security team adapted Microsoft’s Security Development Lifecycle by establishing capability practices such as training, threat modeling, secure coding, and component scanning, integrating these processes into development pipelines through dedicated business partners, extending protection to the full data lifecycle, and evolving toward automated DevSecOps with in‑pipeline DAST and a custom vulnerability management platform.

Application Security, DAST, DevSecOps
15 min read
Sohu Tech Products
Aug 9, 2023 · Information Security

Software Supply Chain Security: Risks, Attacks, and Mitigation

The article explains software supply chain security across development, delivery, and usage phases, outlines ten common vulnerabilities and four attack categories, describes attack characteristics, examines risk factors in design, code, release, and operation stages, and presents comprehensive mitigation measures including SDL phases, DevSecOps practices, and detailed lifecycle controls.

DevSecOps, SDL, Security
12 min read
DevOps
Jun 27, 2023 · Information Security

From DevOps to DevSecOps: Understanding Threats, Security Practices, and Using Microsoft Threat Modeling Tool

This article explains how DevSecOps extends DevOps by embedding security throughout the software lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft Threat Modeling Tool for proactive risk mitigation.

DevSecOps, Microsoft, OWASP
20 min read
Sohu Tech Products
Oct 19, 2022 · Information Security

Secure Software Development: SDL, Tool Configurations, and Safe Coding Practices

This article outlines essential practices for secure software development, covering Microsoft's Security Development Lifecycle, Visual Studio security features, and comprehensive secure coding guidelines—including safe APIs, SafeInt library usage, trust boundaries, type casting, and file operation safeguards—to reduce vulnerabilities such as buffer overflows and memory errors.

C, SDL, Secure Coding
10 min read
Baidu Geek Talk
Aug 2, 2022 · Fundamentals

Understanding ffplay: Playback Workflow and Core Components

The article walks through ffplay’s end‑to‑end playback pipeline—starting with protocol and container demuxing, initializing FFmpeg and SDL, spawning read and decoder threads, handling video/audio decoding, synchronizing streams, and finally rendering frames—offering design insights for constructing a basic media player.

Audio-Video Sync, Multimedia, SDL
18 min read
HaoDF Tech Team
Feb 28, 2022 · Information Security

Partner Data Security Closed‑Loop Management at Haodf Online

This article outlines how Haodf Online implements a closed‑loop partner data security framework—covering background regulations, SDL‑based lifecycle stages, partner information handling, security assessment, API testing, monitoring, and continuous improvement—to protect sensitive medical data across its ecosystem.

API Security, SDL, compliance
14 min read
JD Tech
Feb 28, 2022 · Information Security

Integrating Functional Security Testing into Daily Test Practices: Concepts, SDL Roles, and Test‑Case Design

This article explains how test engineers can incorporate functional security testing into routine testing by outlining the differences between security and functional testing, describing the Security Development Lifecycle (SDL) responsibilities, and providing concrete test‑case design guidelines for various security scenarios.

SDL, Software Security, functional testing
12 min read
Architecture and Beyond
Jan 2, 2022 · Information Security

Building an Application Security System: SDL and DevSecOps Approaches

The article examines application security challenges for startups, presents statistical attack data, defines what application security entails, outlines common security issues, and compares two main frameworks—Microsoft's Security Development Lifecycle (SDL) and DevSecOps—offering guidance on selecting and implementing a suitable security system.

Application Security, DevSecOps, SDL
16 min read
OPPO Amber Lab
Jan 8, 2021 · Information Security

How Third-Party SDKs Threaten Mobile Apps and How to Secure Them

This article reviews OPPO's sixth Technical Open Day session on application and data security, detailing the current state, case studies, detection methods, and SDL integration for third‑party SDKs, and offers practical recommendations to mitigate privacy leaks, code execution, and other high‑risk vulnerabilities.

SDL, privacy compliance, third-party SDK
11 min read
Tencent Cloud Developer
Jun 5, 2020 · Information Security

DevSecOps and Secure Development Lifecycle (SDL): Concepts, Practices, and Implementation

The article explains how DevSecOps extends the Secure Development Lifecycle by embedding security early and throughout CI/CD pipelines, combining threat‑based and vulnerability‑based defenses, automated testing tools such as SAST, DAST, IAST, and SCA, and fostering a collaborative culture of shared responsibility, illustrated by Tencent Cloud’s comprehensive “Golden Pipeline” implementation.

DevSecOps, SDL, Secure Development Lifecycle
14 min read
Youzan Coder
Dec 13, 2019 · Information Security

Boundary Defense in Enterprise Security: Definitions, Value, Techniques, and Youzan’s Implementation

Boundary defense—protective measures at business and IT entry points such as firewalls, WAFs, and secure development lifecycles—provides early‑stage enterprises a clear perimeter through detection, response, protection, and policy, as illustrated by Youzan’s web‑gate WAF, SDL checkpoints, DNS monitoring, and automated security‑ticket processes, enabling a shift toward deeper, defense‑in‑depth strategies.

SDL, Security, WAF
18 min read