OWASP SAMM Fundamentals Training

OWASP SAMM Fundamentals

In this course we provide an overview of the OWASP Software Assurance Maturity Model. We dive deep into its 5 Business Functions and provide guidance when it comes to the nitty-gritty of each Security Practice.

Enroll for free

Course curriculum

1. Welcome to SAMM Fundamentals
2. Terms of Reference
3. The Application Security Problem
4. SDLC Overview
5. SAMM Vision and History
6. SAMM Structure
7. The Model as an Assessment Tool
8. Establishing an Assessment Scope
9. Methodology for Using the Model
10. Introducing the Case Studies
1. Introduction to Governance
2. Strategy & Metrics
3. G-SM-A: Create and Promote
4. G-SM-B: Measure and Improve
5. Strategy & Metrics: Quiz
6. Policy & Compliance
7. G-PC-A: Policy and Standards
8. G-PC-B: Compliance Management
9. Policy & Compliance: Quiz
10. Education & Guidance
11. G-EG-A: Training and Awareness
12. G-EG-B: Organization and Culture
13. Education & Guidance: Quiz
1. Introduction to Design
2. Threat Assessment
3. D-TA-A: Application Risk Profile
4. D-TA-B: Threat Modeling
5. Threat Assessment: Quiz
6. Security Requirements
7. D-SR-A: Software Requirements
8. D-SR-B: Supplier Security
9. Security Requirements: Quiz
10. Security Architecture
11. D-SA-A: Architecture Design
12. D-SA-B: Technology Management
13. Security Architecture: Quiz
1. Introduction to Implementation
2. Secure Build
3. I-SB-A: Build Process
4. I-SB-B: Software Dependencies
5. Secure Build: Quiz
6. Secure Deployment
7. I-SD-A: Deployment Process
8. I-SD-B: Secret Management
9. Secure Deploy: Quiz
10. Defect Management
11. I-DM-A: Defect Tracking
12. I-DM-B: Metrics and Feedback
13. Defect Management: Quiz
1. Introduction to Verification
2. Architecture Assessment
3. V-AA-A: Architecture Validation
4. V-AA-B: Architecture Mitigation
5. Architecture Assessment: Quiz
6. Requirements-Driven Testing
7. V-RT-A: Control Verification
8. V-RT-B: Misuse/Abuse Testing
9. Requirements-Driven Testing: Quiz
10. Security Testing
11. V-ST-A: Scalable Baseline
12. V-ST-B: Deep Understanding
13. Security Testing: Quiz
1. Introduction to Operations
2. Incident Management
3. O-IM-A: Incident Detection
4. O-IM-B: Incident Response
5. Incident Management: Quiz
6. Environment Management
7. O-EM-A: Configuration Hardening
8. O-EM-B: Patching and Updating
9. Environment Management: Quiz
10. Operational Management
11. O-OM-A: Data Protection
12. O-OM-B: System Decommissioning
13. Operational Management: Quiz
1. Setting Improvement Targets
2. Benchmark Initiative
3. Critical Success Factors
4. Epilogue

About this course

Free
79 lessons
5 hours of video content

Discover your potential, starting today

Enroll today

Introduction

Governance

Design

Implementation

Verification

Operations

What's next

About this course