OWASP SAMM

OWASP

The Open Worldwide Application Security Project®, or OWASP for short, is a nonprofit foundation that works to improve the global landscape of cyber security. The foundation hosts many (285 at the time of writing) projects related to cyber security, all of which are community-led and open-source.

Image: OWASP foundation

The foundation provides security resources, training and a vibrant community around security. OWASP hosts local chapters which are free and open for anyone to attend. They provide a great opportunity to attend training sessions and talks, while also allowing you to expand your network. I myself attended the Benelux OWASP chapter in Tilburg last year.

OWASP SAMM

The Software Assurance Maturity Model, or SAMM for short, is an open-source framework to help software teams start and improve their secure software development lifecycle.

Structure

The model consists of 5 different business functions. A business function is a group of activities that are relevant to software development companies. Each business function has 3 security practices, which are divided into two streams. Finally, for every security practice there are 3 defined maturity levels.

Image: SAMM Structure © OWASP

The image below gives a clear overview of all the different security practices that are defined in the SAMM model.

Image: SAMM Model © OWASP

All the different security practices can be viewed in the SAMM model overview: https://owaspsamm.org/model/

Getting started

SAMM provides a lot of guidance to get started with using the model. A typical approach consists of:

  • Going through the assessment
  • Setting the maturity level target
  • Creating an implementation plan
  • Rolling out

Consider this only as the starting point, as OWASP SAMM is suited for continuous improvement! The quick start guide provides detailed instructions on how to get started using SAMM.