The Security Development Lifecycle (SDL) is the industry-leading software security assurance process created by Microsoft and has been effective since 2004. The SDL Pro Network is a group of software security consultants, training companies, and tool providers that specialize in application and software security and have substantial experience and expertise with the methodology and technologies of the Security Development Lifecycle (SDL). As part of the SDL Pro Network, Mu Dynamics offers Mu Studio Security that can be used in the Verification and Release phases of the SDL. 

Mu Dynamics and the Microsoft SDL

Mu Dynamics provides critical value to all test organizations implementing the SDL. Mu Studio Security helps shorten release cycles, makes issue resolution more efficient, and fundamentally increases software security test coverage in the following ways:

• Custom Fuzz tests for any protocol
  Dramatically reduces fuzz test creation time for any protocol, both standard or proprietary, starting from customer packet captures (pcaps)
  • Mu Studio Security automatically generates thousands of highly relevant test cases by analyzing the contents of your packets
  • Test engineers no longer need to be fuzzing experts as all the domain expertise is built into the auto-generated tests
     
• Fuzz test suites for standard protocols
  Mu Studio Security provides standards-based protocol fuzzing with coverage for over 60 protocols. These tests can be run against both servers and gateway devices (such as proxies) with the Mu acting as both the client and the server.
   
• Remediation Toolkit
  Dramatically reduces issue resolution time for any problems found by the Mu fuzz tests
• In addition to finding issues, Mu Studio Security helps fix them by providing testers with a self-contained remediation toolkit that can be used by engineers. This toolkit is comprised of assets allowing developers to rapidly replicate and fix the issues. Examples of the remediation assets are packet captures, test documentation and standalone Linux executables that replicate the test traffic. Once a fix has been provided, the tester simply re-runs the failed tests in order to verify the fix.
   
• Customized security tests
  Software security test teams use Mu Studio Security to quickly create custom security test cases by modeling both valid and invalid exchanges between clients and servers or peer-to-peer systems. They provide a spreadsheet consisting of input data and expected outcomes for the exchange. Software security test teams can also create custom, distributed Denial of Service (DoS) attacks with randomized payload fields, making each instance of the DoS attack unique.
   
• Rapid field issue resolution
  For any incident found in the field, Mu Studio Security helps make the response faster and more accurate as test teams can now quickly isolate the offending packets using xtractr and then re-create the flows. Once a patch is identified, it is verified using Mu Studio Security before being rolled out to the customer. xtractr is a hybrid cloud application for indexing, searching, reporting, extracting and collaborating on pcaps and available on pcapr, a cloud based crowd sourced packet repository community that allows people to contribute, collaborate and share their knowledge on communication protocols and exchanges.

For more information on the Microsoft SDL, please visit www.microsoft.com/sdl

For more information on the Mu Dynamics products and solutions for security and performance testing, please visit any of the following links:

• Mu Studio Security
• Featured Mu Dynamics Customers
• pcapr – is a crowdsourced packet repository community, powered by Mu Dynamics, that allows people to contribute, collaborate and share their knowledge on communication protocols and exchanges.

 
To contact Mu Dynamics for more information, click here.