A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


OWASP SAMM - Hardik Parekh (BSides Tampa 2020) (Hacking Illustrated Series InfoSec Tutorial Videos)

Hardik Parekh
BSides Tampa 2020

OWASP SAMM (https://owaspsamm.org) is the prime maturity model for software assurance that provides an effective and measurable way for all types of organizations to analyze and improve their software security posture. Building security into the software development and management practices of a company can be a daunting task. There are many elements to the equation: company risk profile, organizational structure, different stakeholders, technology stacks, tools and processes, and so forth. Implementing software assurance will have a significant impact on the organization. OWASP Software Assurance Maturity Model (SAMM) gives you an effective and measurable way for all types of organizations to analyze and improve their software security posture in 3 levels of maturity - thus creating a step-by-step software assurance navigation plan. It enables you to formulate and implement a strategy for software security that is tailored to the risk profile of your organization. In this talk, we give an overview of the new release of the SAMM model. After 10 years since its first conception, it was important to align it with today?s development practices. We will cover a number of topics in the talk: (i) the core structure of the model, which was redesigned and extended to align with modern development practices, (ii) the measurement model which was setup to cover both coverage and quality and (iii) the new security practice streams where the SAMM activities are grouped in maturity levels. We will demonstrate the new SAMM2 toolbox to measure the maturity of an example DevOps team and how you can create a roadmap of activities.

Hardik Parekh is recognized thought leader and executive in security/privacy domain with contributions to SANS CWE Top 25, OWASP SAMM, BSIMM 1.0 to BSIMM 9; and SAFECode. Hardik is part of the core team which developed OWASP SAMM 2.0. Hardik has 16+ years of security leadership experience with a track record of developing and maturing security programs in consumer and enterprise companies RSA/EMC, Intuit, Amazon, and Splunk. Hardik has built security programs in dynamic, fast-paced environments while leading highly technical globally distributed security teams focused on application security, hardware security, security operations, threat and vulnerability management, security architecture, AWS security, and tools development. Hardik has transformed DevOps organization to DevSecOps by integrating security engineering tools in CICD pipeline and delivered security at scale and speed in the journey to AWS migration. Hardik was invited to speak at Global AppSec conference 2019. Hardik also serves on advisory board of several security start ups and CompTIA.

Back to BSides Tampa 2020 video list

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast