Course curriculum

    1. Welcome to SAMM Fundamentals

    2. Terms of Reference

    3. The Application Security Problem

    4. SDLC Overview

    5. SAMM Vision and History

    6. SAMM Structure

    7. The Model as an Assessment Tool

    8. Establishing an Assessment Scope

    9. Methodology for Using the Model

    10. Introducing the Case Studies

    1. Introduction to Governance

    2. Strategy & Metrics

    3. G-SM-A: Create and Promote

    4. G-SM-B: Measure and Improve

    5. Strategy & Metrics: Quiz

    6. Policy & Compliance

    7. G-PC-A: Policy and Standards

    8. G-PC-B: Compliance Management

    9. Policy & Compliance: Quiz

    10. Education & Guidance

    11. G-EG-A: Training and Awareness

    12. G-EG-B: Organization and Culture

    13. Education & Guidance: Quiz

    1. Introduction to Design

    2. Threat Assessment

    3. D-TA-A: Application Risk Profile

    4. D-TA-B: Threat Modeling

    5. Threat Assessment: Quiz

    6. Security Requirements

    7. D-SR-A: Software Requirements

    8. D-SR-B: Supplier Security

    9. Security Requirements: Quiz

    10. Security Architecture

    11. D-SA-A: Architecture Design

    12. D-SA-B: Technology Management

    13. Security Architecture: Quiz

    1. Introduction to Implementation

    2. Secure Build

    3. I-SB-A: Build Process

    4. I-SB-B: Software Dependencies

    5. Secure Build: Quiz

    6. Secure Deployment

    7. I-SD-A: Deployment Process

    8. I-SD-B: Secret Management

    9. Secure Deployment: Quiz

    10. Defect Management

    11. I-DM-A: Defect Tracking

    12. I-DM-B: Metrics and Feedback

    13. Defect Management: Quiz

    1. Introduction to Verification

    2. Architecture Assessment

    3. V-AA-A: Architecture Validation

    4. V-AA-B: Architecture Mitigation

    5. Architecture Assessment: Quiz

    6. Requirements-Driven Testing

    7. V-RT-A: Control Verification

    8. V-RT-B: Misuse/Abuse Testing

    9. Requirements-Driven Testing: Quiz

    10. Security Testing

    11. V-ST-A: Scalable Baseline

    12. V-ST-B: Deep Understanding

    13. Security Testing: Quiz

    1. Introduction to Operations

    2. Incident Management

    3. O-IM-A: Incident Detection

    4. O-IM-B: Incident Response

    5. Incident Management: Quiz

    6. Environment Management

    7. O-EM-A: Configuration Hardening

    8. O-EM-B: Patching and Updating

    9. Environment Management: Quiz

    10. Operational Management

    11. O-OM-A: Data Protection

    12. O-OM-B: System Decommissioning

    13. Operational Management: Quiz

About this course

  • Free
  • 79 lessons
  • 5 hours of video content

Course reviews

5 star rating

Awesome training

Luis Araujo

I have been using the SAMM for a long time and I always have some doubts about some quality criteria, mainly in the beginning (Governance), but this training gave me a clear comprehension of how to use this framework efficiently. I firmly believe that this training will help a lot of companies to increase their security maturity level. Undoubtedly I recommend this training not only to appsec team, but for all that are involved in all software lifecycle.

5 star rating

Amazing

Juvenal Muniz

Really well thought out course. The cadence and organization of the content are near perfection. The simplicity and elegance of the platform makes watching the course a joy.

5 star rating

Great Course for All

Roy De Vasconcelos

I would recommend anyone from beginner to expert to take this course as an update to their security learning or a refresher!

5 star rating

Clear and profound insights course

Els Goossens

This is a must-do course for every IT professional, it gives clear insights and lifts your company's security to the next level. In one word: Awesome! Thanks a lot

5 star rating

Excellent and practical

R S

A great deep-dive into the SAMM model that gives actionable inputs and valuable data to start an assessment. Thanks to the Core team!

5 star rating

great overview of governance!

Max Alejandro Gómez-Sánchez Vergaray

I've just taken the governance course and that's awesome!

5 star rating

Application security specialist

Khurshid Hassan

Very helpful in grasping the ideas to assess the security posture of application being built, deployed and managed.

5 star rating

In depth course

Hugo Biller

It shows very interesting points about how assessments can be done!

5 star rating

This is my personal review on the OWASP SAMM fundamentals

Ben Malawau

Everything has been explained very clearly until now. Even non-technical people can understand what the benefits are of implementing SAMM, which at our office will become useful. My compliments to the person who has presented all these slides.

