The purpose of an application Security Development Lifecycle (SDL) program is to nurture a security mind-set in the software development culture through checkpoints, repeatable processes, tooling, and training.
Security ought to be at the forefront of developers' minds when building enterprise-grade solutions. Our developers are skilled in integrating the Security Development Lifecycle (SDL) into your development process to improve quality, reliability and long-term maintainability.
Microsoft and various other industry adopters have shown that integrating the SDL with the SDLC process leads to significant security gains over previously implemented practices.
As a consulting member of Microsoft's exclusive SDL Pro Network, Affluent is endorsed and recognized by Microsoft as an industry leader in application security and SDL.
We are one of the few companies with the expertise to deliver and build on all phases of the Security Development Lifecycle. By working closely with developers, we deliver quantifiable results by cultivating critical security practices at every stage of software development.
Our approach is to work closely with your company's development staff, through the following four major phases:
Assess
We begin by understanding your organization and goals, working closely with your key stakeholders. Through discussions with subject matter experts, we perform a maturity assessment to establish the current state of security in your SDLC in the following areas: policy, capability, training, requirements, design, implementation, verification, release, and response.
Identify and Create
Informed by your organization's current and desired positions within the SDL maturity model, our experts work to create the requirements and capabilities for your SDL program, including training requirements, quality gates, and more.
Evaluate and Plan
In this phase we shift to determining what needs to be done to implement the capabilities as outlined. We prepare an SDL advisory team with defined roles and select the application pilots to evaluate the SDL implementation.
Deploy
We execute the SDL program by guiding the selected group of pilots through the established requirements and processes. This stage is expected to require the most time from your development staff and the most field work from Affluent. To start, development staff receive training on threat modelling and SDL basics. Following this, our members from the selected SDL advisory team guide the pilots through application threat modelling, security testing, and bug triage.