Difference between revisions of "Security Champions"

From OWASP

Latest revision as of 02:36, 21 May 2019

Security Champions are a key element of an AppSec program: they turn Application Security into a cross-functional effort by embedding a security-focused member in each product or development team.

What is a Security Champion?

  • Security Champions are active members of a development team who help decide when to engage the Security Team
  • Act as the "voice" of security for the given product or team
  • Assist in the triage of security bugs for their team or area

What do they do?

  • Actively participate in the AppSec JIRA project and wiki
  • Collaborate with other security champions
    • Review impact of 'breaking changes' made in other projects
  • Attend weekly meetings
  • Are the single point of contact for their assigned team
  • Ensure that security does not become a blocker for active development or code reviews
  • Assist in making security decisions for their team
    • Low to Moderate security impact
      • Empowered to make the decision themselves
      • Document the decision in the relevant bug or on the wiki
    • High to Critical security impact
      • Work with the AppSec team on mitigation strategies
  • Help with QA and Testing
    • Write Tests (from Unit Tests to Integration tests)
    • Help with development of CI (Continuous Integration) environments

Build your own team of Security Champions: Security Champions Playbook