
Owasp SAMM v1.5

Presentation from the SAMM Webinar on March 1, 2017: https://www.youtube.com/watch?v=4pKdwRb8fTI

Need to build more secure software, but not sure how to get started or what to focus on? The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing an organization.

Published in: Software


  1. OWASP SAMM v1.5
  2. What is SAMM?
     • The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.
     • The resources provided by SAMM will aid in:
       – Evaluating an organization’s existing software security practices.
       – Building a balanced software security assurance program in well-defined iterations.
       – Demonstrating concrete improvements to a security assurance program.
       – Defining and measuring security-related activities throughout an organization.
  3. Using a Maturity Model
     • Changes must be iterative while working toward long-term goals
       – An organization’s behavior changes slowly over time
     • A solution must enable risk-based choices tailored to the organization
       – There is no single recipe that works for all organizations
     • A solution must provide enough details for non-security people
       – Guidance related to security activities must be prescriptive
     • OWASP Software Assurance Maturity Model (SAMM)
       – Overall, must be simple, well-defined, and measurable
  4. Why SAMM?
     “The most that can be expected from any model is that it can supply a useful approximation to reality: All models are wrong; some models are useful.” – George E. P. Box
  5. Project History
     • OpenSAMM 1.0 – March 2009
     • OWASP SAMM 1.1 – March 2016
     • OWASP SAMM 1.5 – February 2017
     • OWASP SAMM 2.0 – 2018-2019
  6. SAMM Framework
     • For each of the four Business Functions, three Security Practices are defined
     • The security practices cover areas relevant to software security assurance
  7. Example: Education & Guidance
  8. Level definitions...
     • Objective
     • Activities
     • Assessment
     • Results
     • Success Metrics
     • Costs
     • Personnel
     • Related Levels
  9. Maturity Levels & Assessment Scores
     • Maturity levels, from highest to lowest: Comprehensive mastery at scale; Increased efficiency/effectiveness; Ad-hoc provision; Practice unfulfilled
     • Transparent view over different levels
     • Fine-grained improvements are visible
     • Assessment answer options: No; Few/Some; At Least Half; Many/Most
  10. SAMM Quick Start
     • Continuous Improvement
     • Iterative
     • Small Steps
     • Cycle: ASSESS (questionnaire) → GOAL (gap analysis) → PLAN (roadmap) → IMPLEMENT (OWASP resources)
  11. Assess via Worksheet
  12. Assess via Toolbox
  13. Goal
     • Gap analysis
     • Demonstrating improvement
     • Ongoing measurement
  14. Plan
     • Roadmaps: use the “building blocks”
     • Templates for typical kinds of organizations
     • Tune these to your own targets / speed
  15. Implement: 150+ OWASP resources
     • Development Guide
     • Cheat Sheets
     • Quick Reference Guide
     • WebGoat, iGoat, GoatDroid
     • AppSec Tutorials
     • Top Ten Education
     • Testing Guide
     • Hackademic Challenges
     • Red Book
  16. SAMM Toolbox – Interview
  17. SAMM Toolbox – Scorecard
  18. SAMM Toolbox – Roadmap
  19. SAMM Toolbox – Roadmap Chart
  20. SAMM Project Roadmap
     v2.0 (In Progress):
     • Model revision
     • More Metrics!
     • Application to agile
     • Roadmap effort planning
     • Benchmarking
     Build the community:
     • Grow list of SAMM adopters
     • Workshops at conferences
     • Dedicated SAMM Summit
     • Contribute Anon Results
  21. Get involved
     • Project mailing list / work packages
     • Use and donate (feed)back!
     • Donate resources
     • Sponsor SAMM
  22. Follow OWASP SAMM: twitter.com/OwaspSAMM
  23. Thank you! Questions? brian.glas@nvisium.com
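The scoring and gap-analysis steps behind slides 9, 10 and 13 (per-question answers rolling up into a maturity-level score, level scores summing to a practice score, and the gap between that score and a roadmap target), as an added Python example that is not part of the original deck and not the SAMM toolbox's own code. The answer weights (No = 0, Few/Some = 0.25, At Least Half = 0.5, Many/Most = 1) are my assumption of the SAMM 1.5 toolbox convention; the two-question-per-level questionnaire, the answers and the targets are constructed for illustration. The point the example makes beyond the slides is why fractional answers matter: a team that has started on level 2 gets partial credit, so progress shows up on the scorecard before a level is fully achieved.

```python
"""Assessment scoring and gap analysis in the style of a SAMM 1.5 scorecard.

Added example, not code from the presentation or the SAMM toolbox. The answer
weights below are an assumption about the SAMM 1.5 toolbox convention; the
questionnaire, answers and targets are constructed sample data.
"""
from statistics import mean

# Assumed weights for the four answer options shown on slide 9.
ANSWER_WEIGHTS = {
    "No": 0.0,
    "Few/Some": 0.25,
    "At Least Half": 0.5,
    "Many/Most": 1.0,
}


def level_score(answers):
    """Score for one maturity level, 0.0..1.0: mean weight of its answers."""
    if not answers:
        raise ValueError("a maturity level needs at least one answered question")
    return mean(ANSWER_WEIGHTS[a] for a in answers)


def practice_score(levels):
    """Score for one security practice, 0.0..3.0: the sum of its three level scores.

    Fractional answers make partial progress inside a level visible instead of
    collapsing each level to achieved / not achieved.
    """
    if len(levels) != 3:
        raise ValueError("a SAMM practice has exactly three maturity levels")
    return sum(level_score(answers) for answers in levels)


def scorecard(assessment):
    """Practice name -> practice score, i.e. the ASSESS output."""
    return {practice: practice_score(levels) for practice, levels in assessment.items()}


def gap_analysis(current, target):
    """Remaining distance to each roadmap target (negative means target exceeded)."""
    return {practice: target[practice] - current.get(practice, 0.0) for practice in target}


def next_steps(gaps, limit=2):
    """Practices with the largest open gap first: candidates for the next small step."""
    open_items = [(practice, gap) for practice, gap in gaps.items() if gap > 0]
    return [practice for practice, _ in sorted(open_items, key=lambda item: -item[1])][:limit]


# Constructed questionnaire answers: two hypothetical questions per level.
ASSESSMENT = {
    "Education & Guidance": [
        ["Many/Most", "Many/Most"],      # level 1: fully in place
        ["At Least Half", "Few/Some"],   # level 2: partially in place
        ["No", "No"],                    # level 3: not started
    ],
    "Threat Assessment": [
        ["At Least Half", "Few/Some"],
        ["No", "No"],
        ["No", "No"],
    ],
}

# Constructed roadmap targets for the next planning phase.
TARGETS = {"Education & Guidance": 2.0, "Threat Assessment": 1.5}


def main():
    current = scorecard(ASSESSMENT)
    gaps = gap_analysis(current, TARGETS)
    for practice, score in current.items():
        print(f"{practice:22s} score {score:.3f}  target {TARGETS[practice]:.1f}  gap {gaps[practice]:.3f}")
    print("next steps:", ", ".join(next_steps(gaps)))


if __name__ == "__main__":
    main()
```

With the constructed answers, Education & Guidance scores 1.375 (level 1 complete, level 2 at 0.375) and Threat Assessment 0.375; against the targets that leaves gaps of 0.625 and 1.125, so the roadmap's next step would start with Threat Assessment. Re-running the same scoring after a few months of work is the "ongoing measurement" of slide 13.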
