OWASP SAMM Fundamentals
In this course we provide an overview of the OWASP Software Assurance Maturity Model (SAMM). We dive deep into its five Business Functions and give practical guidance on the details of each Security Practice.
Welcome to SAMM Fundamentals
Terms of Reference
The Application Security Problem
SDLC Overview
SAMM Vision and History
SAMM Structure
The Model as an Assessment Tool
Establishing an Assessment Scope
Methodology for Using the Model
Introducing the Case Studies
Introduction to Governance
Strategy & Metrics
G-SM-A: Create and Promote
G-SM-B: Measure and Improve
Strategy & Metrics: Quiz
Policy & Compliance
G-PC-A: Policy and Standards
G-PC-B: Compliance Management
Policy & Compliance: Quiz
Education & Guidance
G-EG-A: Training and Awareness
G-EG-B: Organization and Culture
Education & Guidance: Quiz
Introduction to Design
Threat Assessment
D-TA-A: Application Risk Profile
D-TA-B: Threat Modeling
Threat Assessment: Quiz
Security Requirements
D-SR-A: Software Requirements
D-SR-B: Supplier Security
Security Requirements: Quiz
Security Architecture
D-SA-A: Architecture Design
D-SA-B: Technology Management
Security Architecture: Quiz
Introduction to Implementation
Secure Build
I-SB-A: Build Process
I-SB-B: Software Dependencies
Secure Build: Quiz
Secure Deployment
I-SD-A: Deployment Process
I-SD-B: Secret Management
Secure Deploy: Quiz
Defect Management
I-DM-A: Defect Tracking
I-DM-B: Metrics and Feedback
Defect Management: Quiz
Introduction to Verification
Architecture Assessment
V-AA-A: Architecture Validation
V-AA-B: Architecture Mitigation
Architecture Assessment: Quiz
Requirements-Driven Testing
V-RT-A: Control Verification
V-RT-B: Misuse/Abuse Testing
Requirements-Driven Testing: Quiz
Security Testing
V-ST-A: Scalable Baseline
V-ST-B: Deep Understanding
Security Testing: Quiz
Introduction to Operations
Incident Management
O-IM-A: Incident Detection
O-IM-B: Incident Response
Incident Management: Quiz
Environment Management
O-EM-A: Configuration Hardening
O-EM-B: Patching and Updating
Environment Management: Quiz
Operational Management
O-OM-A: Data Protection
O-OM-B: System Decommissioning
Operational Management: Quiz