SlideShare une entreprise Scribd logo

Open SAMM contents overview

Télécharger en tant que PPTX, PDF
intive
intive

This document discusses software security strategies and the Open Software Assurance Maturity Model (OpenSAMM). It provides examples of objectives and assessments for governance, construction, verification, and operations based on OpenSAMM. The document also outlines how to get started with OpenSAMM, including assessing maturity levels, defining a roadmap, and estimating costs. External support is offered to help with assessments, penetration tests, and training.

Logiciels
1  sur  27
_ Neversettle. www.intive.com Welcome OWASP Open SAMM Szczecin, 01-03-2017 PapryQArz - We test with taste. www.papryqarz.org
Why should I care? 1. 2014 Tesco Bank: more than 2,000 accounts was posted on the Internet, ICO investigation followed 2. 2015 Ashley Madison: full client database leaked 3. 2015 Juniper NetScreen Firewalls: backdoor installed into the code 4. 2015 CIA Director John Brennan: social hack on his AOL account lead to leaking CIA creds
Am I secure? „We use the cloud, they keep us ok!” „We have security scanners!” „Our devs know OWASP top 10!” „We do penetration tests!”
Anything else? 1. Are there any other holes in my system? 2. What about next release? 3. Is my code secure? 4. Is my backup secure? My back office? 5. What about hosting…. ?
You need Strategy 1. OWASP – non profit org for cyber security 2. SAMM – Software Assurance Maturity Model 3. OpenSAMM – free SAMM by OWASP 4. OpenSAMM v 1.5 released Feb 28 ‚2017
Neversettle. www.intive.com _Open SAMM contents
OPEN SAMM CONFIDENTIAL
Governance General management of development activities. _Strategy & metrics _Policy & Compliance _Education & Guidance
Construction Definition of goals and software creation from requirements gathering to detailed implementation. _Security requirements _Threat assessment _Secure architecture
Verification Checking and testing artifacts produced. _Design review _Implementation review _Security testing
Operations Managing software that has been created: deployment, configuration and runing. _Environment hardening _Issue Management _Operational Enablement
Objectives example - governance
Objectives example - construction
Getting started
Assess yourself _OpenSAMM Assessment Toolbox (xls) _36 questions: quick assessment _Detailed assessment: verify your activities _Gap analysis
Assesment _ Clear representation of the maturity level _ Each Practice rated on the scale below _ Can capture progress over time
Your Score Card _ Clear representation of the maturity level _ Each Practice rated on the scale below _ Can capture progress over time
Define your roadmap _ Select template from OpenSAMM HowTo _ Adjust to your needs _ Start!
SAMM road map template
SAMM Templates _ Independent Software Vendors _ Online Service Providers _ Financial Services Organizations _ Government Organizations
Costs? _Deployment time _Release and process overhead _Licenses & training _Light assessment: 1-5 man-days
Costs - Virtualware _Software House: between 300 devs, 12 teams _Platform developed over 8 years _Mixed technologies
Phase 1 - goals
Training Phase 1 - costs Training: External: 52 37 + n Up to: 389 d
Call in for backup _How can we help: _External consulting _Penetration tests _Training
Contact us _Never settle. Krzysztof Machelski Director, Security & Automation +48 506 539 817 Krzysztof.Machelski@intive.com

Recommandé

OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)Denim Group
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: SecurityAmazon Web Services
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Accelerating DevOps Pipelines with AWS
Accelerating DevOps Pipelines with AWSAccelerating DevOps Pipelines with AWS
Accelerating DevOps Pipelines with AWSAmazon Web Services
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019NotSoSecure Global Services
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsCprime
 

Recommandé

OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)Denim Group
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: SecurityAmazon Web Services
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Accelerating DevOps Pipelines with AWS
Accelerating DevOps Pipelines with AWSAccelerating DevOps Pipelines with AWS
Accelerating DevOps Pipelines with AWSAmazon Web Services
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019NotSoSecure Global Services
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsCprime
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
AWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAmazon Web Services
 
Introduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code ServicesIntroduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code ServicesAmazon Web Services
 
Cómo empezar con Amazon EKS
Cómo empezar con Amazon EKSCómo empezar con Amazon EKS
Cómo empezar con Amazon EKSAmazon Web Services LATAM
 
(DVO202) DevOps at Amazon: A Look At Our Tools & Processes
(DVO202) DevOps at Amazon: A Look At Our Tools & Processes(DVO202) DevOps at Amazon: A Look At Our Tools & Processes
(DVO202) DevOps at Amazon: A Look At Our Tools & ProcessesAmazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
Building an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneBuilding an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneweaveraaaron
 
CI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelCI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelAmazon Web Services
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWSAmazon Web Services
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Securityn|u - The Open Security Community
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft AzureGuy Barrette
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Patch Management - 2013
Patch Management - 2013Patch Management - 2013
Patch Management - 2013Vicky Ames
 
Practical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectivePractical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectiveRajniHatti
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOpsMichelangelo van Dam
 
AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6Neal Davis
 
Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsPawel Rzepa
 
Porównanie architektur MVVM i MVC (iOS)
Porównanie architektur MVVM i MVC (iOS)Porównanie architektur MVVM i MVC (iOS)
Porównanie architektur MVVM i MVC (iOS)intive
 

Contenu connexe

Tendances

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
Introduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code ServicesIntroduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code ServicesAmazon Web Services
 
(DVO202) DevOps at Amazon: A Look At Our Tools & Processes
(DVO202) DevOps at Amazon: A Look At Our Tools & Processes(DVO202) DevOps at Amazon: A Look At Our Tools & Processes
(DVO202) DevOps at Amazon: A Look At Our Tools & ProcessesAmazon Web Services
 
Building an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneBuilding an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneweaveraaaron
 
CI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelCI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelAmazon Web Services
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft AzureGuy Barrette
 
Patch Management - 2013
Patch Management - 2013Patch Management - 2013
Patch Management - 2013Vicky Ames
 
Practical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectivePractical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectiveRajniHatti
 
AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6Neal Davis
 

Tendances (20)

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOps
 
AWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAWS WAF - A Web App Firewall
AWS WAF - A Web App Firewall
 
Introduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code ServicesIntroduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code Services
 
Cómo empezar con Amazon EKS
Cómo empezar con Amazon EKSCómo empezar con Amazon EKS
Cómo empezar con Amazon EKS
 
(DVO202) DevOps at Amazon: A Look At Our Tools & Processes
(DVO202) DevOps at Amazon: A Look At Our Tools & Processes(DVO202) DevOps at Amazon: A Look At Our Tools & Processes
(DVO202) DevOps at Amazon: A Look At Our Tools & Processes
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Building an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, saneBuilding an AppSec Pipeline: Keeping your program, and your life, sane
Building an AppSec Pipeline: Keeping your program, and your life, sane
 
CI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelCI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day Israel
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWS
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft Azure
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
 
Patch Management - 2013
Patch Management - 2013Patch Management - 2013
Patch Management - 2013
 
Practical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectivePractical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's Perspective
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOps
 
AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6
 

En vedette

Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsPawel Rzepa
 
Porównanie architektur MVVM i MVC (iOS)
Porównanie architektur MVVM i MVC (iOS)Porównanie architektur MVVM i MVC (iOS)
Porównanie architektur MVVM i MVC (iOS)intive
 
Owasp SAMM v1.5
Owasp SAMM v1.5Owasp SAMM v1.5
Owasp SAMM v1.5Brian Glas
 
Setting up a secure development life cycle with OWASP - seba deleersnyder
Setting up a secure development life cycle with OWASP - seba deleersnyderSetting up a secure development life cycle with OWASP - seba deleersnyder
Setting up a secure development life cycle with OWASP - seba deleersnyderSebastien Deleersnyder
 
Wprowadzenie do CoreBluetooth
Wprowadzenie do CoreBluetoothWprowadzenie do CoreBluetooth
Wprowadzenie do CoreBluetoothintive
 
Owasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcOwasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcKaty Anton
 
What the HEC? Security implications of HDMI Ethernet Channel and other relate...
What the HEC? Security implications of HDMI Ethernet Channel and other relate...What the HEC? Security implications of HDMI Ethernet Channel and other relate...
What the HEC? Security implications of HDMI Ethernet Channel and other relate...44CON
 
Drive it Like you Hacked It - New Attacks and Tools to Wireles
Drive it Like you Hacked It - New Attacks and Tools to Wireles Drive it Like you Hacked It - New Attacks and Tools to Wireles
Drive it Like you Hacked It - New Attacks and Tools to Wireles E hacking
 
Развитие технологий генерации эксплойтов на основе анализа бинарного кода
Развитие технологий генерации эксплойтов на основе анализа бинарного кодаРазвитие технологий генерации эксплойтов на основе анализа бинарного кода
Развитие технологий генерации эксплойтов на основе анализа бинарного кодаPositive Hack Days
 
Tech cafe Microservices
Tech cafe MicroservicesTech cafe Microservices
Tech cafe MicroservicesKonrad Król
 
REES46 – система товарных рекомендаций и онлайн-мерчандайзинга
REES46 – система товарных рекомендаций и онлайн-мерчандайзингаREES46 – система товарных рекомендаций и онлайн-мерчандайзинга
REES46 – система товарных рекомендаций и онлайн-мерчандайзингаREES46
 
.Net anywhere
.Net anywhere.Net anywhere
.Net anywhereintive
 
Kotlin, Spek and tests
Kotlin, Spek and testsKotlin, Spek and tests
Kotlin, Spek and testsintive
 
Introduction of HDMI
Introduction of HDMIIntroduction of HDMI
Introduction of HDMIdrawtenor74
 
Rebooting Software Development - OWASP AppSecUSA
Rebooting Software Development - OWASP AppSecUSA Rebooting Software Development - OWASP AppSecUSA
Rebooting Software Development - OWASP AppSecUSA Nick Galbreath
 
Web Application Security | A developer's perspective - Insecure Direct Object...
Web Application Security | A developer's perspective - Insecure Direct Object...Web Application Security | A developer's perspective - Insecure Direct Object...
Web Application Security | A developer's perspective - Insecure Direct Object...n|u - The Open Security Community
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threatsVishal Kumar
 

En vedette (20)

Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugs
 
Porównanie architektur MVVM i MVC (iOS)
Porównanie architektur MVVM i MVC (iOS)Porównanie architektur MVVM i MVC (iOS)
Porównanie architektur MVVM i MVC (iOS)
 
Owasp SAMM v1.5
Owasp SAMM v1.5Owasp SAMM v1.5
Owasp SAMM v1.5
 
Setting up a secure development life cycle with OWASP - seba deleersnyder
Setting up a secure development life cycle with OWASP - seba deleersnyderSetting up a secure development life cycle with OWASP - seba deleersnyder
Setting up a secure development life cycle with OWASP - seba deleersnyder
 
Wprowadzenie do CoreBluetooth
Wprowadzenie do CoreBluetoothWprowadzenie do CoreBluetooth
Wprowadzenie do CoreBluetooth
 
Owasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcOwasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwc
 
Secure coding by windows98SE
Secure coding by windows98SESecure coding by windows98SE
Secure coding by windows98SE
 
What the HEC? Security implications of HDMI Ethernet Channel and other relate...
What the HEC? Security implications of HDMI Ethernet Channel and other relate...What the HEC? Security implications of HDMI Ethernet Channel and other relate...
What the HEC? Security implications of HDMI Ethernet Channel and other relate...
 
Drive it Like you Hacked It - New Attacks and Tools to Wireles
Drive it Like you Hacked It - New Attacks and Tools to Wireles Drive it Like you Hacked It - New Attacks and Tools to Wireles
Drive it Like you Hacked It - New Attacks and Tools to Wireles
 
Развитие технологий генерации эксплойтов на основе анализа бинарного кода
Развитие технологий генерации эксплойтов на основе анализа бинарного кодаРазвитие технологий генерации эксплойтов на основе анализа бинарного кода
Развитие технологий генерации эксплойтов на основе анализа бинарного кода
 
Tech cafe Microservices
Tech cafe MicroservicesTech cafe Microservices
Tech cafe Microservices
 
REES46 – система товарных рекомендаций и онлайн-мерчандайзинга
REES46 – система товарных рекомендаций и онлайн-мерчандайзингаREES46 – система товарных рекомендаций и онлайн-мерчандайзинга
REES46 – система товарных рекомендаций и онлайн-мерчандайзинга
 
.Net anywhere
.Net anywhere.Net anywhere
.Net anywhere
 
Kotlin, Spek and tests
Kotlin, Spek and testsKotlin, Spek and tests
Kotlin, Spek and tests
 
Introduction of HDMI
Introduction of HDMIIntroduction of HDMI
Introduction of HDMI
 
American Fuzzy Lop
American Fuzzy LopAmerican Fuzzy Lop
American Fuzzy Lop
 
Rebooting Software Development - OWASP AppSecUSA
Rebooting Software Development - OWASP AppSecUSA Rebooting Software Development - OWASP AppSecUSA
Rebooting Software Development - OWASP AppSecUSA
 
Web Application Security | A developer's perspective - Insecure Direct Object...
Web Application Security | A developer's perspective - Insecure Direct Object...Web Application Security | A developer's perspective - Insecure Direct Object...
Web Application Security | A developer's perspective - Insecure Direct Object...
 
Owasp Au Rev4
Owasp Au Rev4Owasp Au Rev4
Owasp Au Rev4
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
 

Similaire à Open SAMM contents overview

4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less workIevgenii Katsan
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
 
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Programcentralohioissa
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended CutMike Spaulding
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)
 
Corona| COVID IT Tactical Security Preparedness: Threat Management
Corona| COVID IT Tactical Security Preparedness: Threat ManagementCorona| COVID IT Tactical Security Preparedness: Threat Management
Corona| COVID IT Tactical Security Preparedness: Threat ManagementRedZone Technologies
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementEnclaveSecurity
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityAnne Oikarinen
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringAHM Pervej Kabir
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringAHM Pervej Kabir
 
Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Minded Security
 
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxSecurity Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxVikas Singh Yadav
 
Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Stefan Streichsbier
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 
Something Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton ChuvakinSomething Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...Amazon Web Services
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...Simon Storm
 

Similaire à Open SAMM contents overview (20)

4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...
 
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Program
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
Corona| COVID IT Tactical Security Preparedness: Threat Management
Corona| COVID IT Tactical Security Preparedness: Threat ManagementCorona| COVID IT Tactical Security Preparedness: Threat Management
Corona| COVID IT Tactical Security Preparedness: Threat Management
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to Measurement
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
 
Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019
 
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxSecurity Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
 
Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security Framework
 
Something Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton ChuvakinSomething Fun About Using SIEM by Dr. Anton Chuvakin
Something Fun About Using SIEM by Dr. Anton Chuvakin
 
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
 
Secure Software Development Adoption Strategy
Secure Software Development Adoption StrategySecure Software Development Adoption Strategy
Secure Software Development Adoption Strategy
 

Plus de intive

Rok z Android MVVM
Rok z Android MVVMRok z Android MVVM
Rok z Android MVVMintive
 
Don't Forget About the Layout
Don't Forget About the LayoutDon't Forget About the Layout
Don't Forget About the Layoutintive
 
You Don't Need Dependency Injection
You Don't Need Dependency InjectionYou Don't Need Dependency Injection
You Don't Need Dependency Injectionintive
 
Front end - advanced development for beginners
Front end - advanced development for beginnersFront end - advanced development for beginners
Front end - advanced development for beginnersintive
 
Patronage 2016 Windows 10 Warsztaty
Patronage 2016 Windows 10 WarsztatyPatronage 2016 Windows 10 Warsztaty
Patronage 2016 Windows 10 Warsztatyintive
 
Techniczna organizacja zespołu cz 2
Techniczna organizacja zespołu cz 2Techniczna organizacja zespołu cz 2
Techniczna organizacja zespołu cz 2intive
 
Techniczna organizacja zespołu
Techniczna organizacja zespołuTechniczna organizacja zespołu
Techniczna organizacja zespołuintive
 
Organizacja zespołu
Organizacja zespołuOrganizacja zespołu
Organizacja zespołuintive
 
Nie tylko C# - Ekosystem Microsoft dla programistów
Nie tylko C# - Ekosystem Microsoft dla programistówNie tylko C# - Ekosystem Microsoft dla programistów
Nie tylko C# - Ekosystem Microsoft dla programistówintive
 
[PL] MVP do MVVM - separacja warstw w aplikacji androidowej
[PL] MVP do MVVM - separacja warstw w aplikacji androidowej[PL] MVP do MVVM - separacja warstw w aplikacji androidowej
[PL] MVP do MVVM - separacja warstw w aplikacji androidowejintive
 
Tips & Tricks Android
Tips & Tricks AndroidTips & Tricks Android
Tips & Tricks Androidintive
 
Apple Watch - Getting Started
Apple Watch - Getting StartedApple Watch - Getting Started
Apple Watch - Getting Startedintive
 
Clean architecture: Android
Clean architecture: AndroidClean architecture: Android
Clean architecture: Androidintive
 
CoreLocation (iOS) in details
CoreLocation (iOS) in detailsCoreLocation (iOS) in details
CoreLocation (iOS) in detailsintive
 
Developer Job in Practice
Developer Job in PracticeDeveloper Job in Practice
Developer Job in Practiceintive
 
Java Script - Object-Oriented Programming
Java Script - Object-Oriented ProgrammingJava Script - Object-Oriented Programming
Java Script - Object-Oriented Programmingintive
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Thingsintive
 
Service Workers: no more offline!
Service Workers: no more offline!Service Workers: no more offline!
Service Workers: no more offline!intive
 
Things.NET Presentation
Things.NET PresentationThings.NET Presentation
Things.NET Presentationintive
 
Twitter Bootstrap
Twitter BootstrapTwitter Bootstrap
Twitter Bootstrapintive
 

Plus de intive (20)

Rok z Android MVVM
Rok z Android MVVMRok z Android MVVM
Rok z Android MVVM
 
Don't Forget About the Layout
Don't Forget About the LayoutDon't Forget About the Layout
Don't Forget About the Layout
 
You Don't Need Dependency Injection
You Don't Need Dependency InjectionYou Don't Need Dependency Injection
You Don't Need Dependency Injection
 
Front end - advanced development for beginners
Front end - advanced development for beginnersFront end - advanced development for beginners
Front end - advanced development for beginners
 
Patronage 2016 Windows 10 Warsztaty
Patronage 2016 Windows 10 WarsztatyPatronage 2016 Windows 10 Warsztaty
Patronage 2016 Windows 10 Warsztaty
 
Techniczna organizacja zespołu cz 2
Techniczna organizacja zespołu cz 2Techniczna organizacja zespołu cz 2
Techniczna organizacja zespołu cz 2
 
Techniczna organizacja zespołu
Techniczna organizacja zespołuTechniczna organizacja zespołu
Techniczna organizacja zespołu
 
Organizacja zespołu
Organizacja zespołuOrganizacja zespołu
Organizacja zespołu
 
Nie tylko C# - Ekosystem Microsoft dla programistów
Nie tylko C# - Ekosystem Microsoft dla programistówNie tylko C# - Ekosystem Microsoft dla programistów
Nie tylko C# - Ekosystem Microsoft dla programistów
 
[PL] MVP do MVVM - separacja warstw w aplikacji androidowej
[PL] MVP do MVVM - separacja warstw w aplikacji androidowej[PL] MVP do MVVM - separacja warstw w aplikacji androidowej
[PL] MVP do MVVM - separacja warstw w aplikacji androidowej
 
Tips & Tricks Android
Tips & Tricks AndroidTips & Tricks Android
Tips & Tricks Android
 
Apple Watch - Getting Started
Apple Watch - Getting StartedApple Watch - Getting Started
Apple Watch - Getting Started
 
Clean architecture: Android
Clean architecture: AndroidClean architecture: Android
Clean architecture: Android
 
CoreLocation (iOS) in details
CoreLocation (iOS) in detailsCoreLocation (iOS) in details
CoreLocation (iOS) in details
 
Developer Job in Practice
Developer Job in PracticeDeveloper Job in Practice
Developer Job in Practice
 
Java Script - Object-Oriented Programming
Java Script - Object-Oriented ProgrammingJava Script - Object-Oriented Programming
Java Script - Object-Oriented Programming
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
Service Workers: no more offline!
Service Workers: no more offline!Service Workers: no more offline!
Service Workers: no more offline!
 
Things.NET Presentation
Things.NET PresentationThings.NET Presentation
Things.NET Presentation
 
Twitter Bootstrap
Twitter BootstrapTwitter Bootstrap
Twitter Bootstrap
 

Dernier

Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slidesvaideheekore1
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesVictoriaMetrics
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jNeo4j
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfRTS corp
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITmanoharjgpsolutions
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsJean Silva
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shardsChristopher Curtin
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfmaor17
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...Bert Jan Schrijver
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 

Dernier (20)

Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 Updates
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh IT
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdf
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 

Open SAMM contents overview