Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security

OWASP Kyiv
OWASP Kyiv
Mar. 4, 2018
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
1 of 25

Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security

Mar. 4, 2018
Download to read offline
Technology

Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security

OWASP Kyiv
OWASP Kyiv

Recommended

Owasp SAMM v1.5Owasp SAMM v1.5
Owasp SAMM v1.5Brian Glas2.6K views24 slides
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecturenarenvivek2.7K views30 slides
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash454 views46 slides
NIST CSF OverviewNIST CSF Overview
NIST CSF OverviewPriyanka Aash2K views14 slides
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash777 views37 slides
Security review using SABSASecurity review using SABSA
Security review using SABSAMaganathin Veeraragaloo2.1K views104 slides

More Related Content

Slideshows for you

[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran369 views25 slides
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash6.6K views74 slides
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks1.4K views25 slides
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran3.4K views19 slides
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov17.2K views10 slides
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash2K views32 slides

Slideshows for you(20)

[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran369 views
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
Priyanka Aash6.6K views
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
Derek E. Weeks1.4K views
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran3.4K views
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
Allen Baranov17.2K views
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
Priyanka Aash2K views
Devops as a serviceDevops as a service
Devops as a service
Saravanan Subburayal1K views
ITIL V3 New Process MapsITIL V3 New Process Maps
ITIL V3 New Process Maps
cityfan32.4K views
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture
Priyanka Aash2.4K views
Building Your Roadmap Sucessful Identity And Access ManagementBuilding Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access Management
Government Technology Exhibition and Conference5.4K views
DevSecOps 101DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP7.1K views
HITRUST CertificationHITRUST Certification
HITRUST Certification
ControlCase836 views
Developing an IAM Roadmap that Fits Your BusinessDeveloping an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your Business
ForgeRock5.3K views
Security architectureSecurity architecture
Security architecture
Duncan Unwin8.8K views
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
PECB 5.9K views
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
PECB 4.4K views
E-RBAC Development - A Risk Based Security Architecture ApproachE-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture Approach
Femi Ashaye2.6K views
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
NotSoSecure Global Services521 views
Security models for security architectureSecurity models for security architecture
Security models for security architecture
Vladimir Jirasek17.8K views
DevSecOpsDevSecOps
DevSecOps
Cheah Eng Soon641 views

Similar to Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security

A comparative study of process templates in teamA comparative study of process templates in team
A comparative study of process templates in teamaminmesbahi1.1K views33 slides
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020Brian Levine532 views30 slides
Matteo Meucci - Security Summit 12th March 2019Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Minded Security357 views83 slides
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)Denim Group1.9K views39 slides
Presentation on Agile TestingPresentation on Agile Testing
Presentation on Agile Testing1Solutions Pvt. Ltd.7.9K views21 slides
Agile & Secure SDLCAgile & Secure SDLC
Agile & Secure SDLCPaul Yang4.2K views66 slides

Similar to Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security(20)

A comparative study of process templates in teamA comparative study of process templates in team
A comparative study of process templates in team
aminmesbahi1.1K views
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
Brian Levine532 views
Matteo Meucci - Security Summit 12th March 2019Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019
Minded Security357 views
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
Denim Group1.9K views
Presentation on Agile TestingPresentation on Agile Testing
Presentation on Agile Testing
1Solutions Pvt. Ltd.7.9K views
Agile & Secure SDLCAgile & Secure SDLC
Agile & Secure SDLC
Paul Yang4.2K views
ScrumScrum
Scrum
gilashikwa1.8K views
Managing Application Security Risk in Enterprises - Thoughts and recommendationsManaging Application Security Risk in Enterprises - Thoughts and recommendations
Managing Application Security Risk in Enterprises - Thoughts and recommendations
Thierry Zoller196 views
Hack2Secure Assists Organization in Secure Application Development Through BS...Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...
hack2s28 views
Ch02Ch02
Ch02
guest50f28c467 views
Powering Safe Launch @ Scale (Feature Flags, Targeting, Experimentation)Powering Safe Launch @ Scale (Feature Flags, Targeting, Experimentation)
Powering Safe Launch @ Scale (Feature Flags, Targeting, Experimentation)
Split Software338 views
Computer courses in chandigharh - CBitss Technologies Computer courses in chandigharh - CBitss Technologies
Computer courses in chandigharh - CBitss Technologies
Cbitss Technologies 64 views
Software Process in software engineeringSoftware Process in software engineering
Software Process in software engineering
MuhammadTalha43686 views
Sas software-security-framework-107607Sas software-security-framework-107607
Sas software-security-framework-107607
CMR WORLD TECH259 views
VSTS & Application Lifecycle ManagementVSTS & Application Lifecycle Management
VSTS & Application Lifecycle Management
Enrico Antonacci1.1K views
testingtesting
testing
nazeer pasha1.3K views
Realizing Software Security Maturity: The Growing Pains and GainsRealizing Software Security Maturity: The Growing Pains and Gains
Realizing Software Security Maturity: The Growing Pains and Gains
Priyanka Aash321 views
Secure Agile SDLC BSides 14 - 2017 - Raphael DenipottiSecure Agile SDLC BSides 14 - 2017 - Raphael Denipotti
Secure Agile SDLC BSides 14 - 2017 - Raphael Denipotti
Raphael Denipotti1.5K views
Дмитро Терещенко, "How to secure your application with Secure SDLC"Дмитро Терещенко, "How to secure your application with Secure SDLC"
Дмитро Терещенко, "How to secure your application with Secure SDLC"
Sigma Software137 views
Owasp summit slides day 2Owasp summit slides day 2
Owasp summit slides day 2
Dinis Cruz424 views

More from OWASP Kyiv

Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...OWASP Kyiv246 views34 slides
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиOWASP Kyiv197 views21 slides
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout SuiteCloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout SuiteOWASP Kyiv153 views31 slides
Threat Modeling with OWASP Threat DragonThreat Modeling with OWASP Threat Dragon
Threat Modeling with OWASP Threat DragonOWASP Kyiv600 views12 slides
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...OWASP Kyiv693 views79 slides
Vlad Styran - Cyber Security Economics 101Vlad Styran - Cyber Security Economics 101
Vlad Styran - Cyber Security Economics 101OWASP Kyiv466 views17 slides

More from OWASP Kyiv(20)

Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
OWASP Kyiv246 views
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостями
OWASP Kyiv197 views
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout SuiteCloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
OWASP Kyiv153 views
Threat Modeling with OWASP Threat DragonThreat Modeling with OWASP Threat Dragon
Threat Modeling with OWASP Threat Dragon
OWASP Kyiv600 views
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
OWASP Kyiv693 views
Vlad Styran - Cyber Security Economics 101Vlad Styran - Cyber Security Economics 101
Vlad Styran - Cyber Security Economics 101
OWASP Kyiv466 views
Ivan Vyshnevskyi - Not So Quiet Git PushIvan Vyshnevskyi - Not So Quiet Git Push
Ivan Vyshnevskyi - Not So Quiet Git Push
OWASP Kyiv432 views
Dima Kovalenko - Modern SSL PinningDima Kovalenko - Modern SSL Pinning
Dima Kovalenko - Modern SSL Pinning
OWASP Kyiv525 views
Yevhen Teleshyk - OAuth PhishingYevhen Teleshyk - OAuth Phishing
Yevhen Teleshyk - OAuth Phishing
OWASP Kyiv362 views
Vlada Kulish - Why So Serial?Vlada Kulish - Why So Serial?
Vlada Kulish - Why So Serial?
OWASP Kyiv590 views
Vlad Styran - OWASP Kyiv 2017 Report and 2018 PlansVlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
Vlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
OWASP Kyiv344 views
Roman Borodin - ISC2 & ISACA Certification Programs First-hand ExperienceRoman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
Roman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
OWASP Kyiv815 views
Ihor Bliumental - WebSocketsIhor Bliumental - WebSockets
Ihor Bliumental - WebSockets
OWASP Kyiv343 views
Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017
Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017
OWASP Kyiv1.1K views
Viktor Zhora - Cyber and Geopolitics: Ukrainian factorViktor Zhora - Cyber and Geopolitics: Ukrainian factor
Viktor Zhora - Cyber and Geopolitics: Ukrainian factor
OWASP Kyiv647 views
Andriy Shalaenko - GO security tipsAndriy Shalaenko - GO security tips
Andriy Shalaenko - GO security tips
OWASP Kyiv1.5K views
Vlad Styran - "Hidden" Features of the Tools We All LoveVlad Styran - "Hidden" Features of the Tools We All Love
Vlad Styran - "Hidden" Features of the Tools We All Love
OWASP Kyiv636 views
Volodymyr Ilibman - Close Look at Nyetya InvestigationVolodymyr Ilibman - Close Look at Nyetya Investigation
Volodymyr Ilibman - Close Look at Nyetya Investigation
OWASP Kyiv412 views
Ihor Bliumental - Collision CORSIhor Bliumental - Collision CORS
Ihor Bliumental - Collision CORS
OWASP Kyiv370 views
Lidiia 'Alice' Skalytska - Security Checklist for Web DevelopersLidiia 'Alice' Skalytska - Security Checklist for Web Developers
Lidiia 'Alice' Skalytska - Security Checklist for Web Developers
OWASP Kyiv548 views

Recently uploaded

NTGapps DTB Platform.pdfNTGapps DTB Platform.pdf
NTGapps DTB Platform.pdfMustafa Kuğu165 views27 slides
Info Session GDSC Mepco Sechenk Chapter.pptxInfo Session GDSC Mepco Sechenk Chapter.pptx
Info Session GDSC Mepco Sechenk Chapter.pptxDURAIVIGNESHC15 views13 slides
dvss.pptdvss.ppt
dvss.pptSaikrishnaCheruvu1354 views1 slide
OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...
OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...takuyayamamoto180014 views25 slides
Artificial Intelligence (AI).pptxArtificial Intelligence (AI).pptx
Artificial Intelligence (AI).pptxSharifulShishir49 views26 slides
Generative AI PotentialGenerative AI Potential
Generative AI PotentialKapil Khandelwal (KK)25 views68 slides

Recently uploaded(20)

NTGapps DTB Platform.pdfNTGapps DTB Platform.pdf
NTGapps DTB Platform.pdf
Mustafa Kuğu165 views
Info Session GDSC Mepco Sechenk Chapter.pptxInfo Session GDSC Mepco Sechenk Chapter.pptx
Info Session GDSC Mepco Sechenk Chapter.pptx
DURAIVIGNESHC15 views
dvss.pptdvss.ppt
dvss.ppt
SaikrishnaCheruvu1354 views
OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...
OpenFOAM benchmark for EPYC server -Influence of coarsestLevelCorr in GAMG so...
takuyayamamoto180014 views
Artificial Intelligence (AI).pptxArtificial Intelligence (AI).pptx
Artificial Intelligence (AI).pptx
SharifulShishir49 views
Generative AI PotentialGenerative AI Potential
Generative AI Potential
Kapil Khandelwal (KK)25 views
AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...
AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...
DianaGray1048 views
AWS Toolkit.pptxAWS Toolkit.pptx
AWS Toolkit.pptx
Brandon Minnick, MBA54 views
Stanford AI Report 2023Stanford AI Report 2023
Stanford AI Report 2023
Kapil Khandelwal (KK)19 views
Deploying CloudStack with CephDeploying CloudStack with Ceph
Deploying CloudStack with Ceph
ShapeBlue108 views
Orbyfy Grid e-Services_vFx.pdfOrbyfy Grid e-Services_vFx.pdf
Orbyfy Grid e-Services_vFx.pdf
Orbyfy19 views
Common - Concerns Around OpenAI.pptxCommon - Concerns Around OpenAI.pptx
Common - Concerns Around OpenAI.pptx
Alok Ranjan51 views
AI and ML Series - Introduction to Generative AI and LLMs - Session 1AI and ML Series - Introduction to Generative AI and LLMs - Session 1
AI and ML Series - Introduction to Generative AI and LLMs - Session 1
DianaGray10179 views
NoSQL Database Migration Masterclass - Session 3: Migration LogisticsNoSQL Database Migration Masterclass - Session 3: Migration Logistics
NoSQL Database Migration Masterclass - Session 3: Migration Logistics
ScyllaDB27 views
GDSC INFO.pptxGDSC INFO.pptx
GDSC INFO.pptx
AshishChanchal136 views
Mitigating Common CloudStack Instance Deployment FailuresMitigating Common CloudStack Instance Deployment Failures
Mitigating Common CloudStack Instance Deployment Failures
ShapeBlue109 views
CloudStack Managed User-data & DemoCloudStack Managed User-data & Demo
CloudStack Managed User-data & Demo
ShapeBlue107 views
ECE ANURANAN 2023ECE ANURANAN 2023
ECE ANURANAN 2023
Bishal20Hazarika103448 views
OpenFOAM benchmark for EPYC server: cavity mediumOpenFOAM benchmark for EPYC server: cavity medium
OpenFOAM benchmark for EPYC server: cavity medium
takuyayamamoto180031 views
GDSC_Info_Session_KITTiptur.pptxGDSC_Info_Session_KITTiptur.pptx
GDSC_Info_Session_KITTiptur.pptx
RadhikaNA38 views

Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security

  1. OWASP SAMM: Understanding Agile in Security

  2. Software development is…

  3. Agile

  4. Security methodologies for Agile

  5. MS SDL for Agile MS Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost

  6. MS SDL for Agile

  7. MS SDL for Agile

  8. MS SDL for Agile

  9. MS SDL is it THAT Agile? • Needs to be fully implemented • All functions are necessary • Doesn’t deal with business restrictions

  10. OWASP SAMM The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization

  11. OWASP SAMM Framework

  12. SAMM. Business function

  13. SAMM. Business function • Objective • Activities • Assessment • Results • Success Metrics • Costs • Personnel • Related Levels

  14. SAMM. Business function assessment

  15. SAMM. Assessment via toolbox

  16. SAMM. Defining goals

  17. SAMM. Defining goals

  18. SAMM. Reaching global goals

  19. OWASP SAMM: What is next?

  20. Agile to devops toolbox

  21. SAMM 2.0. Adjusting to devops SAMM Overview Business Function Security Practices Software Assurance Lifecycle Governance Construction Build & Deploy Verification Operations Threat Assessment Security Requirements Secure Architecture Strategy & Metrics Policy & Compliance Education & Guidance Issue Management Environment Hardening Operational Enablement Design Analysis Implementation Review Security Testing Secure Build Secure Deployment Defect Management

  22. SAMM 2.0 SAMM 2.0 is planned to be presented on OWASP 2018 Summer Summit OWASP SAMM repository: https://github.com/OWASP/samm/tree/master/v2.0

  23. SAMM. Get involved Special thanks to Yan Kravchenko – one of the SAMM developers If you want to contribute to the project or you just have some interesting opinions – contact OWASP members

  24. Q&A