Introduction to SDL
iSEC Partners has a single mission: to help our clients create more secure products. This mission has driven every aspect of our consultancy, from the profile of employees to the research projects we undertake and the tools we build. In pursuing this mission, iSEC recognizes that “build and test” alone isn’t enough to achieve security assurance for our clients. Real security assurance comes from building security best practices directly into the software development lifecycle.
iSEC Partners has a successful track record working with Fortune 500 clients to help engineering and development organizations improve their development processes and strengthen the security of their products with Security Development Lifecycle (SDL) services and training.
The full SDL is a large set of practices, and getting started right is key to success. This is why iSEC Partners offers our “SDL Bootstrapping Service” to help educate your staff and accelerate adoption of the SDL into your internal development processes.
Because the success of the SDL comes from direct, end-to-end integration of security best practices into the software development process, iSEC Partners is uniquely qualified to assist your organization in starting off with the SDL. Our consultants are not just security experts or “hackers”: most come from a background as developers and test engineers. They have worked on and shipped real products and know how to integrate security with the demands of delivering a quality product in a timely manner.
In the Internet age, large organizations may find themselves unexpectedly in a software-security crisis, with legacy applications being used in new ways and exposed to new threats, or an avalanche of bugs flowing in, threatening market share or product viability. The SDL was built out of Microsoft’s industry-leading experience and success in the face of this kind of challenge on the largest scale possible. iSEC Partners can help your organization apply these proven techniques to your unique security challenges.
iSEC's SDL Methodology
Our methodology consists of two main phases: SDL Strategy & Planning, and SDL Implementation.
Commonly Asked Questions about iSEC's SDL Offerings
How does the SDL apply to non-Microsoft shops?
What are your current security training offerings?
What consulting offerings does your company have that apply to each phase of the software development lifecycle?
