Quiz Entry - updated: 2026.06.20
What security activities occur during the Implementation phase of SDL?
This is where secure design becomes secure code — lock down the toolchain, ban dangerous functions, scan automatically for bugs, and switch on the OS's built-in exploit defences.
Implementation makes sure the code written actually upholds the design's security, consistently and without relying on every developer's memory. It achieves that by automating and standardising good practice:
- Approved build tools and options — everyone compiles with the same vetted compiler/flags, so security-hardening switches are never accidentally left off.
- Static analysis — tools that scan source code for bugs without running it. The Microsoft examples are PREfix and PREfast (deep code-path analysers that find null-derefs, buffer overruns, etc.),
/analyze(the compiler flag that turns PREfast on), and FxCop (which checks compiled .NET assemblies against security and design rules). The point is to catch flaws mechanically rather than hoping a reviewer spots them. - Banned APIs — a blocklist of unsafe legacy functions (e.g.
strcpy,gets) that invite buffer overflows; the build flags or rejects any use of them. - OS "defense in depth" protections — turn on exploit-mitigation features the operating system offers so that even if a bug slips through, it's hard to weaponise:
- NX (No-eXecute / Data Execution Prevention) marks data memory as non-executable, so an attacker who injects code into a buffer can't run it.
- ASLR (Address Space Layout Randomization) randomises where code and data load in memory each run, so an attacker can't reliably predict addresses to jump to.
- HeapTermination makes the program crash immediately on heap corruption instead of limping on in an exploitable state.
- SAL (Standard Annotation Language) — annotations you add to function signatures (e.g. "this pointer must be non-null, this buffer is N bytes") so static analysers can catch misuse far more precisely.
Why it matters: good design still fails if a single strcpy reintroduces a buffer overflow — this phase is the safety net that keeps human error from undoing the architecture.