Dated: 03-12-2024

Ch03. Software Security Hardening Fundamentals - Owasp Samm - 2

Software Assurance Maturity Model (SAMM) developed by OWASP
- A guide to building security into software development
- 96 page PDF
OWASP Software Assurance Maturity Model (SAMM)
- Construction Phase:
  - Security Requirements
  - Threat Assessment
  - Secure Architecture
Security Requirements:
- Focused on proactively specifying the expected behavior of software with respect to security
- Through addition of analysis activities at the project level, security requirements are initially gathered based on the high-level business purpose of the software
Threat Assessment:
- Centered on identification and understanding the project-level risks based on the functionality of the software being developed and characteristics of the runtime environment from details about threats and likely attacks against each project, the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security
Secure Architecture:
- Focused on proactive steps for an organization to design and build secure software by default.
Policy & Compliance:
- By enhancing the software design process with reusable services and components, the overall security risk from software development can be dramatically reduced.
SAMM is an excellent model for software security and we look at the verification and deployment phases as part of testing and validation (future module)

Post Assessments

_ is the goal of the Secure Architecture phase in SAMMs Construction

SAMMs Construction phase contributes to reducing overall security risks in software development by _