Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
5 likes2,445 views
The document discusses the OWASP SAMM (Software Assurance Maturity Model), an open framework that helps organizations implement a tailored software security strategy based on their specific risks. It provides an overview of SAMM, including its business functions, assessment process, and defining goals. Version 2.0 of SAMM is planned to adjust the model to devops and will be presented at OWASP in 2018, with the code hosted on GitHub. The document encourages involvement from those interested in contributing to or providing feedback on the SAMM project.
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
- 1. OWASP SAMM: Understanding Agile in Security
- 3. Agile
- 4. Security methodologies for Agile
- 5. MS SDL for Agile MS Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost
- 6. MS SDL for Agile
- 7. MS SDL for Agile
- 8. MS SDL for Agile
- 9. MS SDL is it THAT Agile? • Needs to be fully implemented • All functions are necessary • Doesn’t deal with business restrictions
- 10. OWASP SAMM The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization
- 13. SAMM. Business function • Objective • Activities • Assessment • Results • Success Metrics • Costs • Personnel • Related Levels
- 14. SAMM. Business function assessment
- 15. SAMM. Assessment via toolbox
- 18. SAMM. Reaching global goals
- 19. OWASP SAMM: What is next?
- 21. Agile to devops toolbox
- 22. SAMM 2.0. Adjusting to devops SAMM Overview Business Function Security Practices Software Assurance Lifecycle Governance Construction Build & Deploy Verification Operations Threat Assessment Security Requirements Secure Architecture Strategy & Metrics Policy & Compliance Education & Guidance Issue Management Environment Hardening Operational Enablement Design Analysis Implementation Review Security Testing Secure Build Secure Deployment Defect Management
- 23. SAMM 2.0 SAMM 2.0 is planned to be presented on OWASP 2018 Summer Summit OWASP SAMM repository: https://github.com/OWASP/samm/tree/master/v2.0
- 24. SAMM. Get involved Special thanks to Yan Kravchenko – one of the SAMM developers If you want to contribute to the project or you just have some interesting opinions – contact OWASP members
- 25. Q&A