
OWASP Open SAMM


How to use the Software Assurance Maturity Model (SAMM) as an open guide to building security into software development.

Published in: Software


  1. Neversettle. www.intive.com Welcome OWASP Open SAMM Szczecin, 01-03-2017 PapryQArz - We test with taste. www.papryqarz.org
  2. Why should I care?
     1. 2014 Tesco Bank: more than 2,000 accounts were posted on the Internet; an ICO investigation followed
     2. 2015 Ashley Madison: full client database leaked
     3. 2015 Juniper NetScreen Firewalls: backdoor installed into the code
     4. 2015 CIA Director John Brennan: social hack on his AOL account led to leaking CIA creds
  3. Am I secure? "We use the cloud, they keep us ok!" "We have security scanners!" "Our devs know OWASP top 10!" "We do penetration tests!"
  4. Anything else?
     1. Are there any other holes in my system?
     2. What about the next release?
     3. Is my code secure?
     4. Is my backup secure? My back office?
     5. What about hosting...?
  5. You need a Strategy
     1. OWASP - non-profit org for cyber security
     2. SAMM - Software Assurance Maturity Model
     3. OpenSAMM - free SAMM by OWASP
     4. OpenSAMM v1.5 released Feb 28, 2017
  6. Neversettle. www.intive.com Open SAMM contents
  7. OPEN SAMM CONFIDENTIAL
  8. Governance: general management of development activities.
     - Strategy & Metrics
     - Policy & Compliance
     - Education & Guidance
  9. Construction: definition of goals and software creation, from requirements gathering to detailed implementation.
     - Security Requirements
     - Threat Assessment
     - Secure Architecture
  10. Verification: checking and testing the artifacts produced.
     - Design Review
     - Implementation Review
     - Security Testing
  11. Operations: managing the software that has been created: deployment, configuration and running.
     - Environment Hardening
     - Issue Management
     - Operational Enablement
  12. Objectives example - governance
  13. Objectives example - construction
  14. Getting started
  15. Assess yourself
     - OpenSAMM Assessment Toolbox (xls)
     - 36 questions: quick assessment
     - Detailed assessment: verify your activities
     - Gap analysis
  16. Assessment
     - Clear representation of the maturity level
     - Each Practice rated on the scale below
     - Can capture progress over time
  17. Your Score Card
     - Clear representation of the maturity level
     - Each Practice rated on the scale below
     - Can capture progress over time
  18. Define your roadmap
     - Select a template from the OpenSAMM HowTo
     - Adjust it to your needs
     - Start!
  19. SAMM road map template
  20. SAMM Templates
     - Independent Software Vendors
     - Online Service Providers
     - Financial Services Organizations
     - Government Organizations
  21. Costs?
     - Deployment time
     - Release and process overhead
     - Licenses & training
     - Light assessment: 1-5 man-days
  22. Costs - Virtualware
     - Software House: between 300 devs, 12 teams
     - Platform developed over 8 years
     - Mixed technologies
  23. Phase 1 - goals
  24. Phase 1 - costs: Training: External: 52 37 + n Up to: 389 d
  25. Call in for backup
     - How can we help:
     - External consulting
     - Penetration tests
     - Training
  26. Contact us - Never settle. Krzysztof Machelski, Director, Security & Automation, +48 506 539 817, Krzysztof.Machelski@intive.com
