Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pavel Radchuk - SAMM: Understanding Agile in Security

OWASP Kyiv
December 03, 2017
Technology
0
290

Pavel Radchuk - SAMM: Understanding Agile in Security

Video: https://youtu.be/nOrlK4p7QA8
OWASP Kyiv Winter 2017 Meetup, Dec 2, 2017
https://www.owasp.org/index.php/Kyiv

OWASP Kyiv

December 03, 2017
Tweet

More Decks by OWASP Kyiv

See All by OWASP Kyiv
Vlad Styran - OWASP Kyiv 2017 Report
owaspkyiv
0
67
Vlada Kulish - Why So Serial?
owaspkyiv
1
53
Roman Borodin - ISC2 & ISACA certification programs first-hand experience
owaspkyiv
0
69
Yevhen Teleshyk - OAuth Phishing
owaspkyiv
0
120
Ihor Blum - WebSockets
owaspkyiv
0
40
Vlad Styran - Cyber Security Economics 101
owaspkyiv
2
140
Anastasiia Vixentael - Don’t Waste Time on Learning Cryptography: Better Use It Properly
owaspkyiv
0
160
Dima Kovalenko - Modern SSL Pinning
owaspkyiv
0
74
Ivan Vyshnevskyi - Not So Quiet git push
owaspkyiv
0
140

Other Decks in Technology

See All in Technology
コンテナ・K8s研修 - 前半 コンテナ基礎・ハンズオン【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
初中級者用如何使用backlog -VALE TUDOEDITION-
in0u
0
140
テスト・設計研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
ソフトウェアエンジニアリングの知見を活かして データ基盤をいい感じにする on Snowflake [MIERUNE BBQ #10]
mtpooh
2
150
さらに高品質・高速化を目指すAI時代のテスト設計支援と、めざす先 / AI Test Lab vol.1
shift_evolve
0
190
コンテナ・K8s研修 - 後半 Kubernetes 基礎&ハンズオン【MIXI 24新卒技術研修】
mixi_engineers
PRO
1
120
たくさん本を読んだけど 1年後には綺麗サッパリ!を乗り越えて 学習の鬼になるぞ👹
yum3
0
160
AOAI Dev Day - Opening Session
yoshidashingo
2
430
GoとアクターモデルでES+CQRSを実践! / proto_actor_es_cqrs
ytake
1
150
大規模ドラレコデータ収集・機械学習基盤を支える AWS CDK 〜導入・運用事例紹介〜
pemugi
0
110
Azure Pipelinesを使用したCICDベースラインアーキテクチャ実践
yuriemori
0
190
AOAI Dev Day LLMシステム開発 Tips集
hirosatogamo
15
3.6k

Featured

See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
124
16k
The Brand Is Dead. Long Live the Brand.
mthomps
52
36k
Raft: Consensus for Rubyists
vanstee
134
6.5k
Fireside Chat
paigeccino
25
2.8k
Clear Off the Table
cherdarchuk
89
320k
Designing for humans not robots
tammielis
247
25k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
224
21k
The World Runs on Bad Software
bkeepers
PRO
63
11k
Fontdeck: Realign not Redesign
paulrobertlloyd
79
5.1k
Six Lessons from altMBA
skipperchong
24
3.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
12
3.8k
Learning to Love Humans: Emotional Interface Design
aarron
269
39k

Transcript

  1. OWASP SAMM: Understanding Agile in Security

  2. Software development is…

  3. Agile

  4. Security methodologies for Agile

  5. MS SDL for Agile MS Security Development Lifecycle (SDL) is

    a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost

  6. MS SDL for Agile

  7. MS SDL for Agile

  8. MS SDL for Agile

  9. MS SDL is it THAT Agile? • Needs to be

    fully implemented • All functions are necessary • Doesn’t deal with business restrictions

  10. OWASP SAMM The Software Assurance Maturity Model (SAMM) is an

    open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization

  11. OWASP SAMM Framework

  12. SAMM. Business function

  13. SAMM. Business function • Objective • Activities • Assessment •

    Results • Success Metrics • Costs • Personnel • Related Levels

  14. SAMM. Business function assessment

  15. SAMM. Assessment via toolbox

  16. SAMM. Defining goals

  17. SAMM. Defining goals

  18. SAMM. Reaching global goals

  19. OWASP SAMM: What is next?

  20. None

  21. Agile to devops toolbox

  22. SAMM 2.0. Adjusting to devops SAMM Overview Business Function Security

    Practices Software Assurance Lifecycle Governance Construction Build & Deploy Verification Operations Threat Assessment Security Requirements Secure Architecture Strategy & Metrics Policy & Compliance Education & Guidance Issue Management Environment Hardening Operational Enablement Design Analysis Implementation Review Security Testing Secure Build Secure Deployment Defect Management

  23. SAMM 2.0 SAMM 2.0 is planned to be presented on

    OWASP 2018 Summer Summit OWASP SAMM repository: https://github.com/OWASP/samm/tree/master/v2.0

  24. SAMM. Get involved Special thanks to Yan Kravchenko – one

    of the SAMM developers If you want to contribute to the project or you just have some interesting opinions – contact OWASP members

  25. Q&A