Good Morning

openSAMM - Why & How?
Maturity Models
- Classification system for a set of processes / functions
- Shows characteristics of processes over different levels
- Examples: CMMI (DEV, SVC, ACQ), SSE-CMM, BSIMM, openSAMM, etc.

openSAMM
- Open Software Assurance Maturity Model
- OWASP project
- Open framework to help organizations formulate and implement a strategy for software security
- Tailored to the specific risks facing the organization

openSAMM
- Recognizes 4 types of business functions
- Any organization performing software development would have these (names could be different)

openSAMM - Security Practices
- 3 business practices for each function
- 3 objectives (one per level) under each practice
  - 0 (implied starting point, not included)
  - 1 (initial understanding and ad hoc provision of the practice)
  - 2 (increased efficiency / effectiveness of the practice)
  - 3 (comprehensive mastery of the practice)

openSAMM - Example


openSAMM
For every level, SAMM defines:
- Objective
- Activities
- Results
- Success Metrics
- Costs
- Personnel
- Related Levels
Step 2 - Perform Gap Assessment

Step 3 - Create Roadmap / Assurance Program



Step 4 - Execute with periodic reviews
- Perform the practices / activities for level 1
- Keep assessing it until you are satisfied and the scorecard tells you to move on
- Inform management with the updated roadmap in a periodic manner
- Move to the next level only after you are done with the previous one

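As an added illustration (not code from the slides or from the openSAMM project), here is a small Python model of Steps 2 to 4: the scorecard is validated, the gap to the target levels is computed per practice, and the roadmap is split into phases that raise each practice one level at a time, so level 2 is never planned before level 1 is done. The business-function and practice names are assumed to be those of openSAMM 1.0; the slides only give the counts (4 functions, 3 practices each, levels 0 to 3).

```python
# Added illustration of openSAMM's gap assessment (Step 2), roadmap (Step 3) and
# one-level-at-a-time execution rule (Step 4); not code from the slides or openSAMM.
# Assumption: function/practice names follow openSAMM 1.0; the slides only give counts.
SAMM_MODEL = {
    "Governance": ("Strategy & Metrics", "Policy & Compliance", "Education & Guidance"),
    "Construction": ("Threat Assessment", "Security Requirements", "Secure Architecture"),
    "Verification": ("Design Review", "Code Review", "Security Testing"),
    "Deployment": ("Vulnerability Management", "Environment Hardening",
                   "Operational Enablement"),
}
ALL_PRACTICES = [p for practices in SAMM_MODEL.values() for p in practices]
MAX_LEVEL = 3  # levels 1..3 are defined; 0 is the implied starting point


def validate_scorecard(scorecard):
    """Return a list of problems: unknown or missing practices, levels outside 0..3."""
    problems = [f"unknown practice: {p}" for p in scorecard if p not in ALL_PRACTICES]
    problems += [f"missing practice: {p}" for p in ALL_PRACTICES if p not in scorecard]
    problems += [f"bad level for {p}: {lvl!r}" for p, lvl in scorecard.items()
                 if not (isinstance(lvl, int) and 0 <= lvl <= MAX_LEVEL)]
    return problems


def gap_assessment(current, target):
    """Step 2: for each practice below its target, report (current, target, gap)."""
    return {p: (current[p], target[p], target[p] - current[p])
            for p in ALL_PRACTICES if current[p] < target[p]}


def build_roadmap(current, target):
    """Step 3: split the gap into phases. A phase raises every lagging practice by
    exactly one level, so level 2 is only planned once level 1 is done (Step 4 rule)."""
    phases, state = [], dict(current)
    while True:
        step = {p: state[p] + 1 for p in ALL_PRACTICES if state[p] < target[p]}
        if not step:
            return phases
        phases.append(step)
        state.update(step)


def function_summary(scorecard):
    """Management view: the lowest practice level within each business function."""
    return {fn: min(scorecard[p] for p in ps) for fn, ps in SAMM_MODEL.items()}


# Constructed sample scorecards (not real assessment data).
SAMPLE_CURRENT = {p: 0 for p in ALL_PRACTICES}
SAMPLE_CURRENT.update({"Code Review": 1, "Security Testing": 2})
SAMPLE_TARGET = {p: 1 for p in ALL_PRACTICES}
SAMPLE_TARGET.update({"Code Review": 3, "Security Testing": 2})
```

With the sample data, `build_roadmap` yields two phases: the first lifts the ten untouched practices to level 1 and Code Review to 2, the second takes only Code Review to 3.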
Who Am I
- www.sripati.info
- http://in.linkedin.com/in/sripati

Credits
- http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt
- http://www.opensamm.org/downloads/resources/20090602Software%20Assurance%20Maturity%20Model.ppt

Owasp hyd 28_dec2013_opensamm

Editor's notes

  1. Management view of a secure SDLC
  2. This is what management usually expects from people implementing security
  3. An organization changes over time; as a result, the business prefers indicators that show progress across the various areas of implementation, to gauge where we are going