Difference between revisions of "OWASP SAMM Project"

m
m (Quick Download v1.1.1)
(100 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
= Main =  
 
= Main =  
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
+
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div>
  
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
+
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
  
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 +
 +
'''OWASP SAMM v1.5 available in the downloads section!'''
 +
 +
We are now working on the Beta release of OWASP SAMMv2, our work in progress is available [https://owaspsamm.org online on our new web site]. <br>
 +
 +
'''Join our monthly calls'''
 +
* The monthly call is on each 2nd Wednesday of the month at 21h30 CEST / 3:30pm EST. <br>
 +
* Please join our GoToMeeting: https://global.gotomeeting.com/join/262891661 <br>
 +
* The call is open for everybody interested in SAMM or who wants to work on SAMM. <br>
 +
 +
'''Join us on the OWASP SAMM project Slack channel'''
 +
* Join our project slack channel on https://owasp.slack.com/messages/C0VF1EJGH
 +
* If you do not have an OWASP Slack workspace account yet, contact one of our project leaders to get an invite link.
 +
 +
'''2018 OWASP SAMM Summit (4-8 JUNE 2018, London)'''
 +
* Join our 2018 OWASP SAMM Summit near London as part of the [https://open-security-summit.org/ Open Security Summit].<br>
 +
* We will organize working sessions in a 5-day sprint to draft SAMM v2.0.
 +
* Register online [https://open-security-summit.org/tickets/ here]
 +
* Sponsor the SAMM2, more details [https://www.owasp.org/index.php/OWASP_SAMM_Project#tab=Project_Sponsors here]
 +
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
 
* '''Evaluate an organization’s existing software security practices'''
 
* '''Evaluate an organization’s existing software security practices'''
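Review bot: the replacement header div (`[[File: flagship_big.jpg|link=]]`) keeps the inline style `border:0,margin:0;`, where a comma instead of a semicolon separates the two declarations, so neither the border nor the margin is set as intended; write `border:0;margin:0;`. The added "2018 OWASP SAMM Summit (4-8 JUNE 2018, London)" block still asks readers to register, although the rendered revision below is dated 29 January 2019; rewording it as a past event would avoid pointing readers at registration for dates that have passed.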
Line 13: Line 33:
  
  
[[Image:DownloadButton.png | link=https://www.owasp.org/images/c/c0/SAMM-1.0.pdf]]
 
  
 +
''Dell uses OWASP’s Software Assurance Maturity Model (Owasp SAMM) to help focus our resources and determine which components of our secure application development program to prioritize.'',  ('''Michael J. Craigue, Information Security & Compliance, Dell, Inc.''')
  
''Dell uses OWASP’s Software Assurance Maturity Model (OpenSAMM) to help focus our resources and determine which components of our secure application development program to prioritize.'',  ('''Michael J. Craigue, Information Security & Compliance, Dell, Inc.''')
+
Follow OWASP SAMM on twitter: [https://twitter.com/owaspsamm @owaspsamm]
 
 
Want a very quick introduction? See the TBD - Quickstart Guide
 
 
 
For a slightly longer introduction see the latest [https://www.owasp.org/images/4/47/OpenSAMM_-_OWASP_USA_2014_-_Seba-Pravir.pptx project presentation].
 
 
 
Browse the SAMM model online here TBD
 
  
 +
{{Social Media Links}}
  
{{Social Media Links}}
+
| valign="top" style="padding-left:25px;width:200px;" |
  
| valign="top"  style="padding-left:25px;width:200px;" |
+
== Quick Download v1.5 ==
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/OWASP_SAMM_v1.5.zip All SAMM v1.5 files (.zip)] <br>
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Core_V1-5_FINAL.pdf SAMM Core Model] <br>
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_How_To_V1-5_FINAL.pdf How-To Guide] <br>
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Quick_Start_V1-5_FINAL.pdf Quick Start Guide] <br>
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM Toolbox] <br>
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Assessment_Toolbox_v1.5-Example_FINAL.xlsx SAMM Toolbox Example] <br>
 +
[https://github.com/OWASP/samm/ OWASP SAMM on GitHub]
  
== Quick Download ==
+
== Quick Download v1.1.1 ==
  
[https://www.owasp.org/images/c/c0/SAMM-1.0.pdf Download OWASP SAMM!]
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Core_V1-1-Final-1page.pdf SAMM Core Model]<br>
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_How_To_V1-1-Final-1page.pdf How-To Guide] <br>
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Quick_Start_V1-1-Final-1page.pdf Quick-Start Guide] <br>
 +
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Assessment_Toolbox_v1-1-Final.xlsx Updated SAMM Tool Box]<br>
 +
[https://github.com/OWASP/samm OWASP SAMM on GitHub]
  
 
== News and Events ==
 
== News and Events ==
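Review bot: every file link in the added "Quick Download v1.5" and "Quick Download v1.1.1" lists fetches from `github.com/OWASP/samm/raw/master/...`, so a reader receives whatever is on the master branch at that moment, and nothing in this hunk lets them confirm it is the released artifact. Linking to a tagged release and listing a checksum next to each file would pin what is being distributed. The "v1.1.1" heading also sits above links whose paths and file names say `v1.1` and `V1-1`; the heading and the targets should agree.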
Line 37: Line 63:
  
 
== Change Log ==
 
== Change Log ==
* TBD
+
* OWASP SAMM v1.5 Released! ([http://www.prnewswire.com/news-releases/owasp-samm-v15-helps-organizations-improve-their-security-posture-300439237.html Press Release])
 
+
* OWASP SAMM v1.1 Released! ([http://www.prnewswire.com/news-releases/owasp-releases-software-assurance-maturity-model-samm-version-11-for-improving-software-security-300236836.html Press Release])
 +
* OpenSAMM v1.1 RC - [http://lists.owasp.org/pipermail/samm/2015-December/000758.html available for review]
  
 
== Email List ==
 
== Email List ==
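Review bot: the three added change log entries carry no release dates, and their links to prnewswire.com and lists.owasp.org are plain `http://`. Add the release date to each entry so the log reads as a timeline, and switch the links to `https://` where the hosts support it.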
Line 46: Line 73:
 
== Project Leaders ==
 
== Project Leaders ==
  
Project Leaders<br/>[https://www.owasp.org/index.php/User:Sdeleersnyder Seba Deleersnyder] [https://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra]
+
[https://www.owasp.org/index.php/User:Sdeleersnyder Seba Deleersnyder] <br /> [https://www.owasp.org/index.php/User:Bart_De_Win Bart De Win]
[https://www.owasp.org/index.php/Kuai_Hinojosa Kuai Hinojosa] [https://www.owasp.org/index.php/User:Bart_De_Win Bart De Win]  
 
  
 
== Related Projects ==
 
== Related Projects ==
Line 58: Line 84:
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"
 
   |-
 
   |-
   | align="center" valign="top" rowspan="2" width="50%" | [[File:Midlevel projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
+
   | rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
   | align="center" valign="center" width="50%"| [[File:Owasp-defenders-small.png|link=]]
+
   | align="center" valign="center" width="50%" | [[File:Owasp-defenders-small.png|link=]]
 
   |
 
   |
 
   |-
 
   |-
   | align="center" valign="center" width="50%"| [[File:Owasp-builders-small.png|link=]]   
+
   | align="center" valign="center" width="50%" | [[File:Owasp-builders-small.png|link=]]   
 
   |-
 
   |-
   | colspan="2" align="center" | [http://creativecommons.org/licenses/by-sa/3.0/ C C A-S Alike 3.0]
+
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
+
   | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
 
   |}
 
   |}
  
 
|}
 
|}
 +
 +
= Browse Online =
 +
[[Image:OwaspSAMM.png|right]]
 +
 +
The foundation of the model is built upon the core business functions of software development with security practices tied to each (see diagram below). The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities in which an organization could engage to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.
 +
 +
[[Image:SAMM-Overview.png|720px]]
 +
 +
===== Click on any badge to learn more =====
 +
 +
{| cellpadding="1"
 +
|[https://www.owasp.org/index.php/SAMM_-_Governance https://www.owasp.org/images/f/f7/G.png]
 +
|-
 +
| align="center" |'''Strategy & Metrics'''
 +
|{{SAMM-BadgeList|name=Strategy_&_Metrics|abbr=SM|padding=0}}
 +
|-
 +
| align="center" |'''Policy & Compliance'''
 +
|{{SAMM-BadgeList|name=Policy_&_Compliance|abbr=PC|padding=0}}
 +
|-
 +
| align="center" |'''Education & Guidance'''
 +
|{{SAMM-BadgeList|name=Education_&_Guidance|abbr=EG|padding=0}}
 +
|-
 +
|[https://www.owasp.org/index.php/SAMM_-_Construction https://www.owasp.org/images/e/ee/C.png]
 +
|-
 +
| align="center" |'''Threat Assessment'''
 +
|{{SAMM-BadgeList|name=Threat_Assessment|abbr=TA|padding=0}}
 +
|-
 +
| align="center" |'''Security Requirements'''
 +
|{{SAMM-BadgeList|name=Security_Requirements|abbr=SR|padding=0}}
 +
|-
 +
| align="center" |'''Secure Architecture'''
 +
|{{SAMM-BadgeList|name=Secure_Architecture|abbr=SA|padding=0}}
 +
|-
 +
|[https://www.owasp.org/index.php/SAMM_-_Verification https://www.owasp.org/images/8/83/V.png]
 +
|-
 +
| align="center" |'''Design Review'''
 +
|{{SAMM-BadgeList|name=Design_Review|abbr=DR|padding=0}}
 +
|-
 +
| align="center" |'''Code Review'''
 +
|{{SAMM-BadgeList|name=Code_Review|abbr=CR|padding=0}}
 +
|-
 +
| align="center" |'''Security Testing'''
 +
|{{SAMM-BadgeList|name=Security_Testing|abbr=ST|padding=0}}
 +
|-
 +
|[https://www.owasp.org/index.php/SAMM_-_Deployment https://www.owasp.org/images/5/54/D.png]
 +
|-
 +
| align="center" |'''Vulnerability Management'''
 +
|{{SAMM-BadgeList|name=Vulnerability_Management|abbr=VM|padding=0}}
 +
|-
 +
| align="center" |'''Environment Hardening'''
 +
|{{SAMM-BadgeList|name=Environment_Hardening|abbr=EH|padding=0}}
 +
|-
 +
| align="center" |'''Operational Enablement'''
 +
|{{SAMM-BadgeList|name=Operational_Enablement|abbr=OE|padding=0}}
 +
|-
 +
|}
 +
 +
= Downloads =
 +
 +
The latest work in progress can be found on Github: https://github.com/OWASP/samm
 +
 +
Download SAMM v1.5
 +
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/OWASP_SAMM_v1.5.zip All SAMM v1.5 files (.zip)] Zip file containing all the v1.5 files below;
 +
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Core_V1-5_FINAL.pdf SAMM Core Model] document, explaining the maturity model;
 +
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_How_To_V1-5_FINAL.pdf How-To Guide] with implementation guidance;
 +
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Quick_Start_V1-5_FINAL.pdf Quick-Start Guide] with different steps to improve your secure software practice;
 +
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM Toolbox] to perform SAMM assessments and create SAMM roadmaps;
 +
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Assessment_Toolbox_v1.5-Example_FINAL.xlsx SAMM Tool Box Example] to provide an example SAMM assessment;
 +
 +
Download SAMM v1.1
 +
* [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_Core_V1-1-Final.pdf SAMM Core Model] document, explaining the maturity model;
 +
* [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_How_To_V1-1-Final.pdf How-To Guide] with implementation guidance;
 +
* [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_Quick_Start_V1-1-Final.pdf Quick-Start Guide] with different steps to improve your secure software practice;
 +
* [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_Assessment_Toolbox_v1-1-Final.xlsx Updated SAMM Tool Box] to perform SAMM assessments and create SAMM roadmaps;
 +
 +
Download OpenSAMM v1.0:
 +
* in [https://www.owasp.org/images/c/c0/SAMM-1.0.pdf English - PDF], [https://www.owasp.org/images/2/25/SAMM-1.0-en_US-0.3.xml.zip English - XML]
 +
* in [https://www.owasp.org/images/a/a9/SAMM-1.0-es_MX.pdf Spanish - PDF], [https://www.owasp.org/images/a/a1/SAMM-1.0-es_MX-0.3.xml.zip Spanish - XML]
 +
* in [https://www.owasp.org/images/a/a9/SAMM-1.0-ja_JP.pdf Japanese - PDF], not available as XML
 +
* in [https://www.owasp.org/images/f/fd/SAMM-1.0-cn.pdf Chinese - PDF], not available as XML
 +
 +
 +
Available resources to apply SAMM:
 +
* Browse OWASP and other resources for SAMM Security practices: [[:Category:SAMM-Resources]]
 +
 +
 +
Trainings:
 +
* Recent OWASP SAMM 1-Day training slide deck delivered by Bart De Win and Sebastien Deleersnyder at AppSec Europe 2014 in Cambridge
 +
** Slide deck download [https://www.owasp.org/images/d/df/OpenSAMM_Training_vFINAL.pptx here]
 +
** Training description download [https://www.owasp.org/images/7/7c/Training_-_Bootstrap_and_improve_your_SDLC_with_OpenSAMM.docx here]
 +
 +
 +
Assessments:
 +
* SAMM v1.5 Toolbox
 +
** Download the new v1.5 Toolbox with the updated scoring model [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM v1.5 Toolbox]
 +
* SAMM v1.1 Toolbox
 +
** download the v1.1 toolbox, including the updated questions [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_Assessment_Toolbox_v1-1-Final.xlsx here]
 +
* Assessment Interview Template by Nick Coblentz for SAMM V1.0
 +
** This [https://www.owasp.org/images/c/cf/20090607-SAMMAssessmentInterviewTemplate-1.0.xls spreadsheet] breaks down the assessment questionnaire from the SAMM framework into assertion statements that can be used to drive assessment interviews.
 +
* Roadmap Chart Template by Colin Watson for SAMM V1.0
 +
** This [https://www.owasp.org/images/e/e2/20090610-Samm-roadmap-chart-template.xls spreadsheet] provides a simple way to capture the data for a SAMM roadmap and automatically generate graphics similar to those that appear in the framework.
 +
* Assessment Worksheet by Christian Frichot for SAMM V1.0
 +
** This is an easy-to-use  [https://www.owasp.org/images/e/e2/20090610-Samm-roadmap-chart-template.xls spreadsheet] containing the assessment questionnaire from the SAMM framework. Features some auto-scoring to make the appearance very polished.
 +
* Project Plan Template by Jim Weiler for SAMM V1.0
 +
** This is a [https://www.owasp.org/images/3/33/SAMMProject.zip project plan template] (MS Project) that captures the activities from the SAMM levels. Useful for copying pieces into existing development project schedules.
 +
 +
 +
Mappings:
 +
* BSIMM-6 mapping to SAMM activities:
 +
** Spreadsheet download [https://github.com/OWASP/opensamm/tree/master/v1.1/mapping here]
 +
** Presentation with start of analysis download [https://www.owasp.org/images/6/66/OpenSAMM_-_BSIMM-V_mapping.pptx here]
 +
* BSIMM mapping to SAMM during the 2011 Summit:
 +
** This [https://www.owasp.org/images/2/2e/20110301-OpenSAMM-BSIMM-Mapping.xlsx spreadsheet] contains an activity-level mapping between OpenSAMM and BSIMM. Note that in some cases, multiple BSIMM activities map to a single SAMM activity (109 in BSIMM map to 72 in SAMM).
  
  
= Talks =
+
Tools:
[[Image:zap128x128.png|right]]
+
*Javascript visualization framework for SAMM on [https://github.com/qudosoft-labs/SAMMCharts github]
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
{{:Projects/OWASP Zed Attack Proxy Project/Pages/Talks | Talks}}
 
  
 +
= Community =
  
</div>
+
[[Image:OwaspSAMM.png|right]]
= News =
 
[[Image:zap128x128.png|right]]
 
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
{{:Projects/OWASP Zed Attack Proxy Project/Pages/News | News}}
+
{{:Projects/OWASP SAMM Project/Pages/Community | Community}}
  
 
</div>
 
</div>
= ZAP Gear =
 
[[Image:zap128x128.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
  
Yes, you can now buy ZAP related gear!
+
= Summit =
 +
 
 +
[[Image:OwaspSAMM.png|right]]
 +
 
 +
In 2016 we organized our second OWASP SAMM Summit in New York on 20-21 April, details [https://www.owasp.org/index.php/OWASP_SAMM_Summit_2016 >here<] !!
 +
 
 +
Read the wrap-up of the Summit here: https://docs.google.com/document/d/19_LC1euR7ZuazRYgeblhPE1Fv6E8N56Bu8zANq2JB30/edit
 +
 
 +
 
 +
In 2015 we organized our the first OWASP SAMM Summit in Dublin on 27-28 March, details [https://www.owasp.org/index.php/OWASP_SAMM_Summit_2015 >here<] !!
  
Its your chance to show your support for the project, c/o `CafePress`.
+
Summit Notes:
 +
* 28 Mar 2015 - https://docs.google.com/document/d/1pC4har75olF1WPZaqRfXFG9T3SS_qoEUvHkEynE0iTI/edit
 +
* Summit outcome is described [http://www.opensamm.org/2015/04/opensamm-summit-dublin-outcome/ here]
 +
''"The SAMM summit provided an opportunity to breathe new life into a framework that I use to facilitate my day-to-day work and support my customers."'' Bruce C Jenkins, Fortify Security Lead, Hewlett-Packard Company
  
Click on the tshirt to enter the [http://www.cafepress.com/zaproxy ZAP Gear Store]:
+
Previous workshop Notes:
  
[[Image:zap-tshirt-cp.PNG | link=http://www.cafepress.com/zaproxy]]
+
During the AppSec conferences, the SAMM project team organises workshops for you to influence the direction SAMM evolves.
  
</div>
+
This is also an excellent opportunity to exchange experiences with your peers.
= Supporters =
 
[[Image:zap128x128.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
  
ZAP is developed by a worldwide [http://code.google.com/p/zaproxy/people/list team] of volunteers.
+
If you plan on attending http://appsec.eu  be sure to get involved in the SAMM workshop (scheduled on Jun-23).
 +
* The agenda for the SAMM Workshop in Cambridge on 23-Jun-2014 is available [https://docs.google.com/document/d/1tXqIovpSuFqycVYetdGSC2PiPygySymiLUhHT5yHR2M/edit here].
  
But we have also been helped by many organizations, either financially or by encouraging their employees to work on ZAP:
+
Previous workshop notes:
 +
* The notes for the SAMM Workshop in New York on 21-Nov-2013 are available [https://docs.google.com/document/d/1PwoDVsWyhoWksBiLIRh8UOh-QCs8H7QMqrSUsS13WzU/edit here].
 +
* The notes for the SAMM Workshop in Hamburg on 21-Aug-2013 are available [https://docs.google.com/document/d/12mB7FkmhcI04YDZle_VD90n1xcENgNhAGqZkCAb6EkM/edit here].
  
* [http://www.owasp.org OWASP]
 
* [http://www.mozilla.org Mozilla]
 
* [http://www.sage.co.uk Sage]
 
* [http://www.google.com Google]
 
* [http://www.microsoft.com Microsoft]
 
* [http://www.hacktics.com/ Hacktics, Ernst & Young]
 
* [http://www.dinosec.com/ DinoSec]
 
* [http://www.denimgroup.com Denim Group]
 
* [http://www.aspectsecurity.com/ Aspect Security]
 
* [http://secureideas.net SecureIdeas]
 
* [http://utilisec.com UtiliSec]
 
* [http://www.encription.co.uk/ encription]
 
</div>
 
  
= Functionality =
+
= Talks =
[[Image:zap128x128.png|right]]
+
[[Image:OwaspSAMM.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
'''Some of ZAP's functionality:'''
+
Upcoming talks featuring SAMM are listed here:
 +
 
 +
* OWASP DC - Software Assurance Maturity Model (SAMM) with Brian Glas! (2017-03-15)
 +
* OWASP NoVA - SAMM 1.5, what's changed and how it impacts you (2017-03-16)
 +
* InfoSec World - Software Assurance Maturity Model Evolutions (2017-04-03)
  
* [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsIntercept Intercepting Proxy]
+
past talks:
* [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsSpider Traditional] and AJAX spiders
+
 
* [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsAscan Automated scanner]
+
* OWASP SAMM v1.5 Webinar - Brian Glas discussing the SAMM model and changes in v1.5 (watch - [https://www.youtube.com/watch?v=4pKdwRb8fTI youtube]) - 2017
* [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsPscan Passive scanner]
+
* OWASP 24/7 - Seba Deleersnyder discussing the upcoming SAMM Summit (listen - [https://soundcloud.com/owasp-podcast/seba-deleersnyder-discusses-samm-software-assurance-maturity-model-summit-in-dublin-ireland here]) - 2015
* [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsBruteforce Forced browsing]
+
* OWASP Germany Day 2014: Seba Deleersnyder: OpenSAMM Best Practices: Lessons from the Trenches (download [https://www.owasp.org/images/f/fa/OpenSAMM_Best_Practices_Lessons_from_the_Trenches_-_Seba_Deleersnyder.pdf presentation]) - 2014
* [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsFuzz Fuzzer]
+
* AppSecEU14: Seba Deleersnyder & Bart De Win: OpenSAMM Best Practices: Lessons from the Trenches OpenSAMM Best Practices: Lessons from the Trenches (download [https://www.owasp.org/images/6/6f/OpenSAMM_-_AppSecEU_2014_-_Seba-Bart_v20140528.pptx presentation], see [https://www.youtube.com/watch?v=qcCgeBeBLUg video]) - 2014
* [http://code.google.com/p/zaproxy/wiki/HelpUiDialogsOptionsDynsslcert Dynamic SSL certificates]
+
* AppSecEU13 - Hamburg: Seba Deleersnyder presenting a project update (download [https://www.owasp.org/images/3/32/OpenSAMM_-_Project_Status_-_Hamburg_2013.pdf presentation]) - 2013
* [http://code.google.com/p/zaproxy/wiki/SmartCards Smartcard and Client Digital Certificates support]
+
* OWASP Europe Tour 2013 - Geneva: Seba Deleersnyder presenting OpenSAMM and the renewed project  (download [https://www.owasp.org/images/c/cd/OpenSAMM_-_OWASP_Tour_13_Talk_-_Seba.pptx presentation]) - 2013
* [http://code.google.com/p/zaproxy/wiki/HelpAddonsWebsocketIntroduction Web sockets] support
+
* AppSecEU11 - Athens: Colin Watson presenting SAMM Training (download [https://www.owasp.org/images/1/18/Owasp-training-samm-greece.pdf presentation]) - 2011
* [http://code.google.com/p/zaproxy/wiki/HelpAddonsScriptsScripts Support for a wide range of scripting languages]
+
* AppSecEU09: Pravir Chandra presenting OpenSAMM v1.0 (download [https://www.owasp.org/images/4/49/AppSecEU09_OpenSAMM-1.0.ppt presentation]) - 2009
* [http://code.google.com/p/zaproxy/wiki/HelpAddonsPlugnhackPlugnhack Plug-n-Hack support]
+
* Matt Bartoldus presentation on new SAMM project during OWASP London chapter (download [https://www.owasp.org/images/d/df/OpenSAMM.pdf presentation]) - 2009
* Authentication and session support
+
* Pravir Chandra - first presentation discussing the next generation to the CLASP Project- a complete working of the details into a Software Assurance Maturity Model (SAMM). (download [https://www.owasp.org/images/2/2e/OWASP_CLASP_SAMM.ppt presentation]) - 2009
* [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsApi Powerful REST based API]
 
* Automatic updating option
 
* [https://code.google.com/p/zap-extensions/ Integrated and growing marketplace of add-ons]
 
  
 
</div>
 
</div>
= Features =
+
 
[[Image:zap128x128.png|right]]
+
= News =
 +
[[Image:OwaspSAMM.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
'''Some of ZAP's features:'''
 
  
* [http://www.apache.org/licenses/LICENSE-2.0 Open source]
+
Latest News on SAMM
* Cross platform
+
* OWASP SAMM v2.0 workshop at the OWASP Project Summit June 2017
* Easy to install (just requires java 1.7)
+
* OWASP SAMM v1.5 Released!
* Completely free (no paid for 'Pro' version)
+
* SAMM Summit 2016 read the [https://docs.google.com/document/d/19_LC1euR7ZuazRYgeblhPE1Fv6E8N56Bu8zANq2JB30/edit wrap-up here]  
* Ease of use a priority
+
* OWASP SAMM v1.1 Released! See the [http://www.prnewswire.com/news-releases/owasp-releases-software-assurance-maturity-model-samm-version-11-for-improving-software-security-300236836.html Press Release].
* [http://code.google.com/p/zaproxy/wiki/HelpIntro Comprehensive help pages]
+
* OpenSAMM v1.1 RC - [http://lists.owasp.org/pipermail/samm/2015-December/000758.html available for review]
* Fully internationalized
 
* Translated into over 20 languages
 
* Community based, with involvement actively encouraged
 
* Under active development by an international team of volunteers
 
  
ZAP is a fork of the well regarded [http://www.parosproxy.org/ Paros Proxy].
+
</div>
  
</div>
 
 
= Languages =
 
= Languages =
[[Image:zap128x128.png|right]]
+
[[Image:OwaspSAMM.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
  
'''ZAP supports the following languages:'''
+
'''SAMM v1.0 is available in the following languages:'''
  
 
* English
 
* English
* Arabic
+
* Spanish
* Bosnian
+
* Japanese
* Brazilian Portuguese
 
 
* Chinese
 
* Chinese
* Danish
 
* Filipino
 
* French
 
* German
 
* Greek
 
* Indonesian
 
* Italian
 
* Japanese
 
* Korean
 
* Persian
 
* Polish
 
* Russian
 
* Sinhala
 
* Spanish
 
* Urdu
 
  
You can use [http://crowdin.net/project/owasp-zap Crowdin] to help improve these translations or add new ones right now!
+
Carlos Allendes created a presentation in Spanish on SAMM during the 2011 LatAm tour, download the [https://www.owasp.org/images/c/cf/05_OWASP_LatamTur2011_OpenSAMM.pdf presentation].
 +
Hubert Grégoire and Sebastien Gioria created a French translation of the OpenSAMM 1.0 Overview presentation available for download [https://www.owasp.org/images/f/fd/OpenSAMM-1.0-fr_FR.ppt here].
 +
 
 +
You can use [http://crowdin.net/project/owasp-samm Crowdin] to help improve these translations or add new ones right now!
  
 
</div>
 
</div>
 +
 
= Roadmap =
 
= Roadmap =
[[Image:zap128x128.png|right]]
+
[[Image:OwaspSAMM.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
  
==Release 2.3.0==
+
Updated roadmap:
ZAP 2.3.0 has been released, which includes:
+
Next 1.5 release, updated scoring:
* A ZAP 'lite' version in addition to the existing 'full' version
+
* Clarification of maturity levels (syntactic changes to keep the text consistent)
* View, intercept, manipulate, resend and fuzz client-side (browser) events
+
* Not change activities but try to impose the current scoring system on existing activities, i.e. move from binary yes/no to the multi-tiered questions/answers of the current proposal.
* Enhanced authentication support
+
* Show improvements with every activity introduced
* Support for non standard apps
+
* Adapt for the new scoring method
* Input Vector scripts
+
* Update questions for 4-tiers
* Scan policy - fine grained control
+
* Review and where necessary clarify current questions
* Advanced Scan dialog
+
* Consider v1.1 remarks that were not withheld for the previous release
* Extended command line options
+
Targeted completion date: February 28, 2017
* More API support
 
* Internationalized help file
 
* Keyboard shortcuts
 
* New UI options
 
* More functionality moved to add-ons
 
* New and improved active and passive scanning rules
 
  
For more details see http://code.google.com/p/zaproxy/wiki/HelpReleases2_3_0
+
SAMM version 2.0
 
+
* Core model changed
==Release 2.4.0==
+
* Visualisations + flavours for a few development methodologies
 
+
* Update quickstart guide, TB, HTG.
The major features we are currently working on include:
+
* Success metrics: How well does the model work: Linked to the benchmarking project.
* Client side scanning
+
Timing: Workshops as part of OWASP Project Summit June 2017
* Advanced fuzzing
 
* Advanced access control testing
 
* SOAP service scanning
 
* Sequence scanning
 
* Sequence detection
 
 
 
The date and exact features that will be included in 2.4 have not been finalized.
 
  
 
</div>
 
</div>
 
= Get Involved =
 
= Get Involved =
[[Image:zap128x128.png|right]]
+
[[Image:OwaspSAMM.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
  
Involvement in the development of ZAP is actively encouraged!
+
Involvement in the development of SAMM is actively encouraged!
  
 
You do not have to be a security expert in order to contribute.
 
You do not have to be a security expert in order to contribute.
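Review bot: under "Assessments:", the added "Assessment Worksheet by Christian Frichot" entry links to `20090610-Samm-roadmap-chart-template.xls`, the same URL as the "Roadmap Chart Template by Colin Watson" entry just above it, which looks like a copy-paste of the wrong target; point it at the worksheet file. The Downloads tab also uses `blob/master/v1.5/Final/...` paths while the Quick Download box earlier in the diff uses `raw/master/Supporting%20Resources/v1.5/Final/...` for the same files, so one of the two sets should be checked and aligned. Smaller points: "we organized our the first OWASP SAMM Summit" has a stray "our", and the AppSecEU14 entry repeats the talk title twice.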
Line 237: Line 340:
 
Some of the ways you can help:
 
Some of the ways you can help:
  
==Feature Requests==
+
==Feedback==
 +
 
 +
Please use the [https://lists.owasp.org/mailman/listinfo/samm Mailing List] for feedback:
 +
* What do like?
 +
* What don't you like?
 +
* How can we make SAMM easier to use?
 +
* How could SAMM be improved?
 +
 
 +
 
 +
==Localization==
  
Please raise new feature requests as enhancement requests here: http://code.google.com/p/zaproxy/issues/list
+
Are you fluent in another language? Can you help translate SAMM into that language?
  
If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly.
+
You can use [http://crowdin.net/project/owasp-samm Crowdin] to do that!
  
==Feedback==
+
</div>
 +
 
 +
= Project Sponsors =
 +
[[Image:OwaspSAMM.png|right]]
 +
 
 +
<div style="font-size:120%;border:none;margin: 0;color:#000">
 +
 
 +
SAMM is developed and maintained by a worldwide team of volunteers. We have also been helped by many organizations, either financially or by encouraging their employees to work on SAMM.
 +
 
 +
==SAMM Adopters==
 +
SAMM is the premier open source software assurance framework. You can find a list of [https://www.owasp.org/index.php/OpenSAMM_Adopters SAMM adopters] online.
 +
 
 +
==Call for SAMM2 Sponsors==
 +
OWASP SAMM and the upcoming SAMM 2.0 release is the open source software security maturity model used to develop secure software for IT, application and software security technologists.
  
Please use the [http://groups.google.com/group/zaproxy-users zaproxy-users Google Group] for feedback:
+
We are seeking sponsors to support OWASP SAMM. All proceeds from the sponsorship support the mission of the OWASP Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.
* What do like?
 
* What don't you like?
 
* What features could be made easier to use?
 
* How could the help pages be improved?
 
  
==Log issues==
+
By sponsoring SAMM, you not only support an important and flagship OWASP project, you will also get visibility during the next SAMM Summit (part of the OWASP Summit 2018) and recognition on the OWASP SAMM project web site and the next release of SAMM (version 2.0).
  
Have you had a problem using ZAP?
+
For more information: Contact [mailto:seba@owasp.org seba@owasp.org]
  
If so and its not already been logged then please [http://code.google.com/p/zaproxy/issues/list report it]
+
==== Acknowledgements ====
  
==Localization==
 
  
Are you fluent in another language? Can you help translate ZAP into that language?
 
  
You can use [http://crowdin.net/project/owasp-zap Crowdin] to do that!
+
We would like to thank the following sponsors who donated funds to our project:
  
==Development==
+
[[File:OWASP-NoVA-Chapter-Logo.PNG|250px|link=https://www.owasp.org/index.php/Virginia]]
 +
[[File:Belgium_Chapter.PNG|250px|link=https://www.owasp.org/index.php/Belgium]]
 +
[[File:London_Chapter.PNG|250px|link=https://www.owasp.org/index.php/London]]
  
If you fancy having a go at adding functionality to ZAP then please get in touch via the [http://groups.google.com/group/zaproxy-develop zaproxy-develop Google Group].
+
[[File:Aspectsecurity.png|250px|link=http://www.aspectsecurity.com]]
 +
[[File:Astech_Consulting_logo.png|250px|link=http://www.astechconsulting.com/]]
 +
[[File:Denim_Group_logo.jpg|250px|link=http://www.denimgroup.com/]]
 +
[[File:Gotham_Digital_Science_logo.jpg|250px|link=http://www.gdssecurity.com/]]
  
Again, you do not have to be a security expert to contribute code - working on ZAP could be great way to learn more about web application security!
+
{{MemberLinksv2|link=http://www.hpenterprisesecurity.com|logo=HP_Blue_RGB_150_SM.png|size=300px90px}}
 +
[[File:NetSPI_logo.png|250px|link=http://www.netspi.com/]]
 +
[[Image:PwC_logo_4colourprint_(2)_Resized_good_one.jpg|150px|link=http://www.pwc.com]]
 +
[[File:SI_Logo_Stacked_Application_Security.jpg|250px|link=http://www.securityinnovation.com/]]
 +
[[File:LogoToreon.jpg|250px|link=http://www.toreon.com]]
 +
[[File:Veracode-samm.png|250px|link=http://www.veracode.com]]
  
If you actively contribute to ZAP then you will be invited to join the project.
 
  
</div>
+
__NOTOC__ <headertabs></headertabs>
  
__NOTOC__ <headertabs />
+
<br />
 +
{{OWASP Book|6888083}}
 +
<br />
  
[[Category:OWASP_Project|Zed Attack Proxy Project]]
+
[[Category:OWASP Project|Zed Attack Proxy Project]]
 
[[Category:OWASP_Tool]]
 
[[Category:OWASP_Tool]]
[[Category:OWASP_Release_Quality_Tool|OWASP Release Quality Tool]]
+
[[Category:OWASP Release Quality Tool|OWASP Release Quality Tool]]
 
[[Category:OWASP_Download]]
 
[[Category:OWASP_Download]]
 
[[Category:Popular]]
 
[[Category:Popular]]
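
Review bot: The added category line `[[Category:OWASP Project|Zed Attack Proxy Project]]` still uses the Zed Attack Proxy sort key, so the SAMM page will be indexed under the ZAP name in the category listing. Replace the sort key with the SAMM project name, and check whether the tool categories carried over from the ZAP text (`OWASP_Tool`, `OWASP Release Quality Tool`) apply to SAMM at all. In the sponsor block, `size=300px90px` in the `{{MemberLinksv2}}` call looks like two values run together, and the rendered revision shows the literal text "300px90px" where a logo is expected, so that parameter needs correcting.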

Revision as of 11:04, 29 January 2019


OWASP SAMM v1.5 available in the downloads section!

We are now working on the Beta release of OWASP SAMMv2, our work in progress is available online on our new web site.

Join our monthly calls

  • The monthly call is on each 2nd Wednesday of the month at 21h30 CEST / 3:30pm EST.
  • Please join our GoToMeeting: https://global.gotomeeting.com/join/262891661
  • The call is open for everybody interested in SAMM or who wants to work on SAMM.

Join us on the OWASP SAMM project Slack channel

2018 OWASP SAMM Summit (4-8 JUNE 2018, London)

  • Join our 2018 OWASP SAMM Summit near London as part of the Open Security Summit.
  • We will organize working sessions in a 5-day sprint to draft SAMM v2.0.
  • Register online here
  • Sponsor the SAMM2, more details here

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

  • Evaluate an organization’s existing software security practices
  • Build a balanced software security assurance program in well-defined iterations
  • Demonstrate concrete improvements to a security assurance program
  • Define and measure security-related activities throughout an organization


"Dell uses OWASP's Software Assurance Maturity Model (OWASP SAMM) to help focus our resources and determine which components of our secure application development program to prioritize." (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)

Follow OWASP SAMM on Twitter: @owaspsamm


Quick Download v1.5

All SAMM v1.5 files (.zip)
SAMM Core Model
How-To Guide
Quick Start Guide
SAMM Toolbox
SAMM Toolbox Example
OWASP SAMM on GitHub

Quick Download v1.1.1

SAMM Core Model
How-To Guide
Quick-Start Guide
Updated SAMM Tool Box
OWASP SAMM on GitHub

News and Events

Please see the News and Talks tabs

Change Log

Email List

Questions? Please ask on the SAMM Mailing List

Project Leaders

Seba Deleersnyder
Bart De Win

Related Projects


Classifications

Owasp-flagship-trans-85.png Owasp-defenders-small.png
Owasp-builders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg

The foundation of the model is built upon the core business functions of software development, with security practices tied to each (see diagram below). The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities in which an organization could engage to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, and estimate personnel and other costs.

[Diagram: SAMM overview. Four business functions, each with three security practices; every practice has maturity levels 1 to 3.]

  • Governance: Strategy & Metrics (SM1-SM3), Policy & Compliance (PC1-PC3), Education & Guidance (EG1-EG3)
  • Construction: Threat Assessment (TA1-TA3), Security Requirements (SR1-SR3), Secure Architecture (SA1-SA3)
  • Verification: Design Review (DR1-DR3), Code Review (CR1-CR3), Security Testing (ST1-ST3)
  • Deployment: Vulnerability Management (VM1-VM3), Environment Hardening (EH1-EH3), Operational Enablement (OE1-OE3)

The latest work in progress can be found on GitHub: https://github.com/OWASP/samm

Download SAMM v1.5

Download SAMM v1.1

Download OpenSAMM v1.0:


Available resources to apply SAMM:


Trainings:

  • Recent OWASP SAMM 1-Day training slide deck delivered by Bart De Win and Sebastien Deleersnyder at AppSec Europe 2014 in Cambridge
    • Slide deck download here
    • Training description download here


Assessments:

  • SAMM v1.5 Toolbox
  • SAMM v1.1 Toolbox
    • download the v1.1 toolbox, including the updated questions here
  • Assessment Interview Template by Nick Coblentz for SAMM V1.0
    • This spreadsheet breaks down the assessment questionnaire from the SAMM framework into assertion statements that can be used to drive assessment interviews.
  • Roadmap Chart Template by Colin Watson for SAMM V1.0
    • This spreadsheet provides a simple way to capture the data for a SAMM roadmap and automatically generate graphics similar to those that appear in the framework.
  • Assessment Worksheet by Christian Frichot for SAMM V1.0
    • This is an easy-to-use spreadsheet containing the assessment questionnaire from the SAMM framework. Features some auto-scoring to make the appearance very polished.
  • Project Plan Template by Jim Weiler for SAMM V1.0
    • This is a project plan template (MS Project) that captures the activities from the SAMM levels. Useful for copying pieces into existing development project schedules.


Mappings:

  • BSIMM-6 mapping to SAMM activities:
    • Spreadsheet download here
    • Presentation with start of analysis download here
  • BSIMM mapping to SAMM during the 2011 Summit:
    • This spreadsheet contains an activity-level mapping between OpenSAMM and BSIMM. Note that in some cases, multiple BSIMM activities map to a single SAMM activity (109 in BSIMM map to 72 in SAMM).


Tools:

  • JavaScript visualization framework for SAMM on GitHub

Upcoming SAMM Meetings

We now have weekly SAMM Summit preparation calls on Wednesdays at 21h30 CEST / 3:30pm ET.

The current DRAFT SAMM schedule is available here: https://open-security-summit.org/tracks/owaspsamm/

Preparation notes: https://docs.google.com/document/d/1piN4De5FGVUqpC-Q_wabRxWfAbjfaF90bYYzugtJM3k/edit#

The monthly call is on each 2nd Wednesday of the month at 21h30 CEST / 3:30pm EST.
Please join our GoToMeeting: https://global.gotomeeting.com/join/262891661
The call is open for everybody interested in SAMM or who wants to work on SAMM.

Previous SAMM Meetings


In 2016 we organized our second OWASP SAMM Summit in New York on 20-21 April, details here.

Read the wrap-up of the Summit here: https://docs.google.com/document/d/19_LC1euR7ZuazRYgeblhPE1Fv6E8N56Bu8zANq2JB30/edit


In 2015 we organized our first OWASP SAMM Summit in Dublin on 27-28 March, details here.

Summit Notes:

"The SAMM summit provided an opportunity to breathe new life into a framework that I use to facilitate my day-to-day work and support my customers." Bruce C Jenkins, Fortify Security Lead, Hewlett-Packard Company

Previous workshop Notes:

During the AppSec conferences, the SAMM project team organises workshops for you to influence the direction SAMM evolves.

This is also an excellent opportunity to exchange experiences with your peers.

If you plan on attending http://appsec.eu be sure to get involved in the SAMM workshop (scheduled on Jun-23).

  • The agenda for the SAMM Workshop in Cambridge on 23-Jun-2014 is available here.

Previous workshop notes:

  • The notes for the SAMM Workshop in New York on 21-Nov-2013 are available here.
  • The notes for the SAMM Workshop in Hamburg on 21-Aug-2013 are available here.



Upcoming talks featuring SAMM are listed here:

  • OWASP DC - Software Assurance Maturity Model (SAMM) with Brian Glas! (2017-03-15)
  • OWASP NoVA - SAMM 1.5, what's changed and how it impacts you (2017-03-16)
  • InfoSec World - Software Assurance Maturity Model Evolutions (2017-04-03)

Past talks:

  • OWASP SAMM v1.5 Webinar - Brian Glas discussing the SAMM model and changes in v1.5 (watch - youtube) - 2017
  • OWASP 24/7 - Seba Deleersnyder discussing the upcoming SAMM Summit (listen - here) - 2015
  • OWASP Germany Day 2014: Seba Deleersnyder: OpenSAMM Best Practices: Lessons from the Trenches (download presentation) - 2014
  • AppSecEU14: Seba Deleersnyder & Bart De Win: OpenSAMM Best Practices: Lessons from the Trenches (download presentation, see video) - 2014
  • AppSecEU13 - Hamburg: Seba Deleersnyder presenting a project update (download presentation) - 2013
  • OWASP Europe Tour 2013 - Geneva: Seba Deleersnyder presenting OpenSAMM and the renewed project (download presentation) - 2013
  • AppSecEU11 - Athens: Colin Watson presenting SAMM Training (download presentation) - 2011
  • AppSecEU09: Pravir Chandra presenting OpenSAMM v1.0 (download presentation) - 2009
  • Matt Bartoldus presentation on new SAMM project during OWASP London chapter (download presentation) - 2009
  • Pravir Chandra - first presentation discussing the next generation of the CLASP Project: a complete working of the details into a Software Assurance Maturity Model (SAMM) (download presentation) - 2009

Latest News on SAMM


SAMM v1.0 is available in the following languages:

  • English
  • Spanish
  • Japanese
  • Chinese

Carlos Allendes created a presentation in Spanish on SAMM during the 2011 LatAm tour, download the presentation. Hubert Grégoire and Sebastien Gioria created a French translation of the OpenSAMM 1.0 Overview presentation available for download here.

You can use Crowdin to help improve these translations or add new ones right now!


Updated roadmap: Next 1.5 release, updated scoring:

  • Clarification of maturity levels (syntactic changes to keep the text consistent)
  • Do not change activities, but try to impose the current scoring system on existing activities, i.e. move from binary yes/no to the multi-tiered questions/answers of the current proposal.
  • Show improvements with every activity introduced
  • Adapt for the new scoring method
  • Update questions for 4-tiers
  • Review and where necessary clarify current questions
  • Consider v1.1 remarks that were not withheld for the previous release

Targeted completion date: February 28, 2017

SAMM version 2.0

  • Core model changed
  • Visualisations + flavours for a few development methodologies
  • Update the Quick Start Guide, Toolbox (TB) and How-To Guide (HTG).
  • Success metrics: How well does the model work: Linked to the benchmarking project.

Timing: Workshops as part of OWASP Project Summit June 2017


Involvement in the development of SAMM is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:

Feedback

Please use the Mailing List for feedback:

  • What do you like?
  • What don't you like?
  • How can we make SAMM easier to use?
  • How could SAMM be improved?


Localization

Are you fluent in another language? Can you help translate SAMM into that language?

You can use Crowdin to do that!


SAMM is developed and maintained by a worldwide team of volunteers. We have also been helped by many organizations, either financially or by encouraging their employees to work on SAMM.

SAMM Adopters

SAMM is the premier open source software assurance framework. You can find a list of SAMM adopters online.

Call for SAMM2 Sponsors

OWASP SAMM, with its upcoming SAMM 2.0 release, is the open source software security maturity model used to develop secure software for IT, application and software security technologists.

We are seeking sponsors to support OWASP SAMM. All proceeds from the sponsorship support the mission of the OWASP Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.

By sponsoring SAMM, you not only support an important and flagship OWASP project, you will also get visibility during the next SAMM Summit (part of the OWASP Summit 2018) and recognition on the OWASP SAMM project web site and the next release of SAMM (version 2.0).

For more information: Contact seba@owasp.org

Acknowledgements

We would like to thank the following sponsors who donated funds to our project:

  • OWASP NoVA Chapter
  • OWASP Belgium Chapter
  • OWASP London Chapter
  • Aspect Security
  • Astech Consulting
  • Denim Group
  • Gotham Digital Science
  • HP Enterprise Security
  • NetSPI
  • PwC
  • Security Innovation
  • Toreon
  • Veracode



This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.

Retrieved from "https://www.owasp.org/index.php?title=OWASP_SAMM_Project&oldid=246908"