SAMM - Construction - Revision history

Pravir Chandra at 00:50, 5 May 2009

2009-05-05T00:50:22Z

Pravir Chandra at 17:51, 2 May 2009

2009-05-02T17:51:49Z

Pravir Chandra at 03:06, 2 May 2009

2009-05-02T03:06:54Z

Pravir Chandra at 02:14, 2 May 2009

2009-05-02T02:14:46Z

Pravir Chandra at 22:57, 1 May 2009

2009-05-01T22:57:08Z

Pravir Chandra at 22:56, 1 May 2009

2009-05-01T22:56:07Z

Pravir Chandra at 22:48, 1 May 2009

2009-05-01T22:48:54Z

Pravir Chandra: New page: http://www.opensamm.org/badges/small/C.png ===Threat Assessment=== The Threat Assessment (TA) Practice is centered on identification and understanding the project-level risks based on the...

2009-05-01T22:47:21Z

New page: http://www.opensamm.org/badges/small/C.png ===Threat Assessment=== The Threat Assessment (TA) Practice is centered on identification and understanding the project-level risks based on the...

New page

http://www.opensamm.org/badges/small/C.png

===Threat Assessment===
The Threat Assessment (TA) Practice is centered on identification and understanding the project-level risks based on the functionality of the software being developed and characteristics of the runtime environment. From details about threats and likely attacks against each project, the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security. Additionally, decisions for risk acceptance are more informed, therefore better aligned to the business.
By starting with simple threat models and building to more detailed methods of threat analysis and weighting, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues while keeping a close watch on the organization’s current performance against known threats.
{| cellpadding="10"
|[http://www.owasp.org/index.php/SAMM_-_Threat_Assessment_-_1 http://www.opensamm.org/badges/small/TA1.png]
|[http://www.owasp.org/index.php/SAMM_-_Threat_Assessment_-_2 http://www.opensamm.org/badges/small/TA2.png]
|[http://www.owasp.org/index.php/SAMM_-_Threat_Assessment_-_3 http://www.opensamm.org/badges/small/TA3.png]
|}

===Security Requirements===
The Security Requirements (SR) Practice is focused on proactively specifying the expected behavior of software with respect to security. Through addition of analysis activities at the project level, security requirements are initially gathered based on the high-level business purpose of the software. As an organization advances, more advanced techniques are used such as access control specifications to discover new security requirements that may not have been initially obvious to development.
In a sophisticated form, provision of this Practice also entails pushing the security requirements of the organization into its relationships with suppliers and then auditing projects to ensure all are adhering to expectations with regard to specification of security requirements.
{| cellpadding="10"
|[http://www.owasp.org/index.php/SAMM_-_Security_Requirements_-_1 http://www.opensamm.org/badges/small/SR1.png]
|[http://www.owasp.org/index.php/SAMM_-_Security_Requirements_-_2 http://www.opensamm.org/badges/small/SR2.png]
|[http://www.owasp.org/index.php/SAMM_-_Security_Requirements_-_3 http://www.opensamm.org/badges/small/SR3.png]
|}

===Secure Architecture===
The Secure Architecture (SA) Practice is focused on proactive steps for an organization to design and build secure software by default. By enhancing the software design process with reusable services and components, the overall security risk from software development can be dramatically reduced.
Beginning from simple recommendations about software frameworks and explicit consideration of secure design principles, an organization evolves toward consistently using design patterns for security functionality. Also, activities encourage project teams to increased utilization of centralized security services and infrastructure.
As an organization evolves over time, sophisticated provision of this Practice entails organizations building reference platforms to cover the generic types of software they build. These serve as frameworks upon which developers can build custom software with less risk of vulnerabilities.
{| cellpadding="10"
|[http://www.owasp.org/index.php/SAMM_-_Secure_Architecture_-_1 http://www.opensamm.org/badges/small/SA1.png]
|[http://www.owasp.org/index.php/SAMM_-_Secure_Architecture_-_2 http://www.opensamm.org/badges/small/SA2.png]
|[http://www.owasp.org/index.php/SAMM_-_Secure_Architecture_-_3 http://www.opensamm.org/badges/small/SA3.png]
|}

@@ Line 1: / Line 1: @@
 {{OpenSAMM}}
 <div style="float:left; width:65%;">
 http://www.opensamm.org/badges/small/C.png

@@ Line 1: / Line 1: @@
 {{OpenSAMM}}
 [[Category:OWASP Software Assurance Maturity Model Project]]
 http://www.opensamm.org/badges/small/C.png
+<div style="width:100%; float:left;"><br/><br/>
 ===Threat Assessment===
 The Threat Assessment (TA) Practice is centered on identification and understanding the project-level risks based on the functionality of the software being developed and characteristics of the runtime environment. From details about threats and likely attacks against each project, the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security. Additionally, decisions for risk acceptance are more informed, therefore better aligned to the business.
@@ Line 25: / Line 30: @@
 As an organization evolves over time, sophisticated provision of this Practice entails organizations building reference platforms to cover the generic types of software they build. These serve as frameworks upon which developers can build custom software with less risk of vulnerabilities.
 {{SAMM-BadgeList|name=Secure_Architecture|abbr=SA}}

← Older revision		Revision as of 02:14, 2 May 2009
Line 1:		Line 1:
		+	{{OpenSAMM}}
	[[Category:OWASP Software Assurance Maturity Model Project]]		[[Category:OWASP Software Assurance Maturity Model Project]]
	http://www.opensamm.org/badges/small/C.png		http://www.opensamm.org/badges/small/C.png

← Older revision		Revision as of 22:57, 1 May 2009
Line 1:		Line 1:
	[[Category:OWASP Software Assurance Maturity Model Project]]		[[Category:OWASP Software Assurance Maturity Model Project]]
		+	http://www.opensamm.org/badges/small/C.png

−	~~http://www.opensamm.org/badges/small/C.png~~

	===Threat Assessment===		===Threat Assessment===

← Older revision		Revision as of 22:56, 1 May 2009
Line 1:		Line 1:
		+	[[Category:OWASP Software Assurance Maturity Model Project]]
		+
	http://www.opensamm.org/badges/small/C.png		http://www.opensamm.org/badges/small/C.png

@@ Line 8: / Line 8: @@
 By starting with simple threat models and building to more detailed methods of threat analysis and weighting, an organization improves over time. Ultimately, a sophisticated organization would maintain this information in a way that is tightly coupled to the compensating factors and pass-through risks from external entities. This provides greater breadth of understanding for potential downstream impacts from security issues while keeping a close watch on the organization’s current performance against known threats.
-{| cellpadding="10"
+{{SAMM-BadgeList|name=Threat_Assessment|abbr=TA}}
@@ Line 19: / Line 15: @@
 In a sophisticated form, provision of this Practice also entails pushing the security requirements of the organization into its relationships with suppliers and then auditing projects to ensure all are adhering to expectations with regard to specification of security requirements.
-{| cellpadding="10"
+{{SAMM-BadgeList|name=Security_Requirements|abbr=SR}}
@@ Line 32: / Line 24: @@
 As an organization evolves over time, sophisticated provision of this Practice entails organizations building reference platforms to cover the generic types of software they build. These serve as frameworks upon which developers can build custom software with less risk of vulnerabilities.
-{| cellpadding="10"
+{{SAMM-BadgeList|name=Secure_Architecture|abbr=SA}}