The SDL Pro Network is a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL.
Closely following the SDL, the services offered by the SDL Pro Network are designed to span the entire lifecycle and make security and privacy an integral part of how software is developed. Specific offerings fall into the following capability areas:
- Training, Policy and Organizational Capabilities, including security training and advice on how to implement the SDL
- Requirements and Design, including risk analysis, functional requirements and threat modeling
- Implementation, including use of banned APIs, code analysis and code review
- Verification, including fuzzing and Web application scanning
- Release and Response, including final security review (FSR), penetration testing, and response planning and execution