AppSec Europe 2014 Project Talk: OWASP Software Assurance Maturity Model (SAMM)
Secure Development Lifecycle (SAMM)

Phases: Design → Build → Test → Production

Security activities, from proactive (early in the lifecycle) to reactive (late):
• Design: security requirements / threat modeling
• Build: coding guidelines, code reviews, static test tools
• Test: security testing, dynamic test tools
• Production: vulnerability scanning, WAF
OWASP Software Assurance Maturity Model (SAMM)

• An organization’s behavior changes slowly over time. Changes must be iterative while working toward long-term goals.
• There is no single recipe that works for all organizations. A solution must enable risk-based choices tailored to the organization.
• Guidance related to security activities must be prescriptive. A solution must provide enough details for non-security people.
• Overall, it must be simple, well-defined, and measurable.
• ASSESS: questionnaire
• GOAL: gap analysis
• PLAN: roadmap
• IMPLEMENT: OWASP resources
…
PROTECT
• Tools: Enterprise Security API (ESAPI), CSRFGuard, AppSensor, ModSecurity Core Rule Set Project
• Docs: Development Guide, Cheat Sheets, Secure Coding Practices - Quick Reference Guide

DETECT
• Tools: OWTF, Broken Web Applications Project, Zed Attack Proxy
• Docs: Code Review Guide, Testing Guide, Top Ten Project

LIFE CYCLE
• SAMM, Application Security Verification Standard, Legal Project, WebGoat, Education Project, Cornucopia
…
…
…
Feb 2014 SecAppDev 2013
People
• Roles & Responsibilities

Process
• Activities
• Deliverables
• Control Gates

Knowledge
• Standards & Guidelines
• Compliance
• Transfer methods

Tools & Components
• Development support
• Assessment tools
• Management tools

Risk, Training