OWASP SAMM Fundamentals
In this course we provide an overview of the OWASP Software Assurance Maturity Model. We dive deep into its 5 Business Functions and provide guidance when it comes to the nitty-gritty of each Security Practice.
Welcome to SAMM Fundamentals
Terms of Reference
The Application Security Problem
SDLC Overview
SAMM Vision and History
SAMM Structure
The Model as an Assessment Tool
Establishing an Assessment Scope
Methodology for Using the Model
Introducing the Case Studies
Introduction to Governance
Strategy & Metrics
G-SM-A: Create and Promote
G-SM-B: Measure and Improve
Strategy & Metrics: Quiz
Policy & Compliance
G-PC-A: Policy and Standards
G-PC-B: Compliance Management
Policy & Compliance: Quiz
Education & Guidance
G-EG-A: Training and Awareness
G-EG-B: Organization and Culture
Education & Guidance: Quiz
Introduction to Design
Threat Assessment
D-TA-A: Application Risk Profile
D-TA-B: Threat Modeling
Threat Assessment: Quiz
Security Requirements
D-SR-A: Software Requirements
D-SR-B: Supplier Security
Security Requirements: Quiz
Security Architecture
D-SA-A: Architecture Design
D-SA-B: Technology Management
Security Architecture: Quiz
Introduction to Implementation
Secure Build
I-SB-A: Build Process
I-SB-B: Software Dependencies
Secure Build: Quiz
Secure Deployment
I-SD-A: Deployment Process
I-SD-B: Secret Management
Secure Deployment: Quiz
Defect Management
I-DM-A: Defect Tracking
I-DM-B: Metrics and Feedback
Defect Management: Quiz
Introduction to Verification
Architecture Assessment
V-AA-A: Architecture Validation
V-AA-B: Architecture Mitigation
Architecture Assessment: Quiz
Requirements-Driven Testing
V-RT-A: Control Verification
V-RT-B: Misuse/Abuse Testing
Requirements-Driven Testing: Quiz
Security Testing
V-ST-A: Scalable Baseline
V-ST-B: Deep Understanding
Security Testing: Quiz
Introduction to Operations
Incident Management
O-IM-A: Incident Detection
O-IM-B: Incident Response
Incident Management: Quiz
Environment Management
O-EM-A: Configuration Hardening
O-EM-B: Patching and Updating
Environment Management: Quiz
Operational Management
O-OM-A: Data Protection
O-OM-B: System Decommissioning
Operational Management: Quiz
I have been using the SAMM for a long time and I always have some doubts about some quality criteria, mainly in the beginning (Governance), but this training gave me a clear comprehension of how to use this framework efficiently. I firmly believe that this training will help a lot of companies to increase their security maturity level. Undoubtedly I recommend this training not only to the appsec team, but to all who are involved in the whole software lifecycle.
Really well thought out course. The cadence and organization of the content are near perfection. The simplicity and elegance of the platform make watching the course a joy.
I would recommend anyone from beginner to expert to take this course as an update to their security learning or a refresher!
This is a must-do course for every IT professional; it gives clear insights and lifts your company's security to the next level. In one word: Awesome! Thanks a lot.
A great deep-dive into the SAMM model that gives actionable inputs and valuable data to start an assessment. Thanks to the Core team!
I've just taken the governance course and that's awesome!
Very helpful in grasping the ideas to assess the security posture of applications being built, deployed and managed.
It shows very interesting points about how assessments can be done!
Everything has been explained very clearly until now. Even non-technical people can understand what the benefits are of implementing SAMM, which at our office will become useful. My compliments to the person who has presented all these slides.