Tag

SDL


DevOps
Nov 26, 2024 · Information Security

10 Best‑Practice Principles for Implementing a Secure Development Lifecycle (SDL)

This article outlines ten essential best‑practice principles for implementing a Secure Development Lifecycle (SDL), covering top‑down leadership, alignment with existing management systems, visualizable processes, security goal classification, componentized security capabilities, supply‑chain management, service‑oriented SDL, DevSecOps toolchains, continuous optimization, and staff training.

Best Practices · DevSecOps · SDL
Bilibili Tech
Aug 2, 2024 · Information Security

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

At Bilibili, the security team adapted Microsoft’s Security Development Lifecycle by establishing capability practices such as training, threat modeling, secure coding, and component scanning, integrating these processes into development pipelines through dedicated business partners, extending protection to the full data lifecycle, and evolving toward automated DevSecOps with in‑pipeline DAST and a custom vulnerability management platform.

DAST · Data Security · DevSecOps
DevOps
Jun 27, 2023 · Information Security

From DevOps to DevSecOps: Understanding Threats, Security Practices, and Using Microsoft Threat Modeling Tool

This article explains how DevSecOps extends DevOps by embedding security throughout the software lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft Threat Modeling Tool for proactive risk mitigation.

DevSecOps · Microsoft · OWASP
Sohu Tech Products
Oct 19, 2022 · Information Security

Secure Software Development: SDL, Tool Configurations, and Safe Coding Practices

This article outlines essential practices for secure software development, covering Microsoft's Security Development Lifecycle, Visual Studio security features, and comprehensive secure coding guidelines—including safe APIs, SafeInt library usage, trust boundaries, type casting, and file operation safeguards—to reduce vulnerabilities such as buffer overflows and memory errors.

C++ · SDL · Secure Coding
Baidu Geek Talk
Aug 2, 2022 · Fundamentals

Understanding ffplay: Playback Workflow and Core Components

The article walks through ffplay’s end‑to‑end playback pipeline—starting with protocol and container demuxing, initializing FFmpeg and SDL, spawning read and decoder threads, handling video/audio decoding, synchronizing streams, and finally rendering frames—offering design insights for constructing a basic media player.

FFmpeg · SDL · audio-video sync
HaoDF Tech Team
Feb 28, 2022 · Information Security

Partner Data Security Closed‑Loop Management at Haodf Online

This article outlines how Haodf Online implements a closed‑loop partner data security framework—covering background regulations, SDL‑based lifecycle stages, partner information handling, security assessment, API testing, monitoring, and continuous improvement—to protect sensitive medical data across its ecosystem.

API security · Data Security · SDL
JD Tech
Feb 28, 2022 · Information Security

Integrating Functional Security Testing into Daily Test Practices: Concepts, SDL Roles, and Test‑Case Design

This article explains how test engineers can incorporate functional security testing into routine testing by outlining the differences between security and functional testing, describing the Security Development Lifecycle (SDL) responsibilities, and providing concrete test‑case design guidelines for various security scenarios.

Risk Assessment · SDL · Security Testing
Architecture and Beyond
Jan 2, 2022 · Information Security

Building an Application Security System: SDL and DevSecOps Approaches

The article examines application security challenges for startups, presents statistical attack data, defines what application security entails, outlines common security issues, and compares two main frameworks—Microsoft's Security Development Lifecycle (SDL) and DevSecOps—offering guidance on selecting and implementing a suitable security system.

DevSecOps · SDL · Security Practices
Tencent Cloud Developer
Jun 5, 2020 · Information Security

DevSecOps and Secure Development Lifecycle (SDL): Concepts, Practices, and Implementation

The article explains how DevSecOps extends the Secure Development Lifecycle by embedding security early and throughout CI/CD pipelines, combining threat‑based and vulnerability‑based defenses, automated testing tools such as SAST, DAST, IAST, and SCA, and fostering a collaborative culture of shared responsibility, illustrated by Tencent Cloud’s comprehensive “Golden Pipeline” implementation.

Automation · DevSecOps · SDL
Youzan Coder
Dec 13, 2019 · Information Security

Boundary Defense in Enterprise Security: Definitions, Value, Techniques, and Youzan’s Implementation

Boundary defense—protective measures at business and IT entry points such as firewalls, WAFs, and secure development lifecycles—provides early‑stage enterprises a clear perimeter through detection, response, protection, and policy, as illustrated by Youzan’s web‑gate WAF, SDL checkpoints, DNS monitoring, and automated security‑ticket processes, enabling a shift toward deeper, defense‑in‑depth strategies.

Enterprise Security · SDL · boundary defense