Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security

  1. OWASP SAMM: Understanding Agile in Security
  2. Software development is…
  3. Agile
  4. Security methodologies for Agile
  5. MS SDL for Agile. The Microsoft Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost.
  6. MS SDL for Agile
  7. MS SDL for Agile
  8. MS SDL for Agile
  9. MS SDL: is it THAT Agile?
       • Needs to be fully implemented
       • All functions are necessary
       • Doesn’t deal with business restrictions
  10. OWASP SAMM. The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.
  11. OWASP SAMM Framework
  12. SAMM. Business function
  13. SAMM. Business function
       • Objective
       • Activities
       • Assessment
       • Results
       • Success Metrics
       • Costs
       • Personnel
       • Related Levels
  14. SAMM. Business function assessment
  15. SAMM. Assessment via toolbox
  16. SAMM. Defining goals
  17. SAMM. Defining goals
  18. SAMM. Reaching global goals
  19. OWASP SAMM: What is next?
  20. Agile to DevOps toolbox
  21. SAMM 2.0. Adjusting to DevOps. SAMM overview: business functions across the software assurance lifecycle and the security practices under each
       • Governance: Strategy & Metrics, Policy & Compliance, Education & Guidance
       • Construction: Threat Assessment, Security Requirements, Secure Architecture
       • Build & Deploy: Secure Build, Secure Deployment, Defect Management
       • Verification: Design Analysis, Implementation Review, Security Testing
       • Operations: Issue Management, Environment Hardening, Operational Enablement
  22. SAMM 2.0. SAMM 2.0 is planned to be presented at the OWASP 2018 Summer Summit. OWASP SAMM repository: https://github.com/OWASP/samm/tree/master/v2.0
  23. SAMM. Get involved. Special thanks to Yan Kravchenko – one of the SAMM developers. If you want to contribute to the project or you just have some interesting opinions – contact OWASP members.
  24. Q&A
