Difference between revisions of "Security Champions"
From OWASP
Revision by Dinis.cruz (Added Security Champions Playbook)
Latest revision as of 07:36, 21 May 2019
Security Champions are a key element of an AppSec team, since they create a cross-functional team focused on Application Security.
What is a Security Champion?
- Security Champions are active members of a team that may help to make decisions about when to engage the Security Team
- Act as the "voice" of security for the given product or team
- Assist in the triage of security bugs for their team or area
What do they do?
- Actively participate in the AppSec JIRA and WIKI
- Collaborate with other security champions
- Review impact of 'breaking changes' made in other projects
- Attend weekly meetings
- Are the single point of contact for their assigned team
- Ensure that security is not a blocker on active development or reviews
- Assist in making security decisions for their team
  - Low-Moderate security impact
    - Empowered to make decisions
    - Document decisions made in bugs or wiki
  - High-Critical security impact
    - Work with AppSec team on mitigation strategies
- Help with QA and Testing
  - Write Tests (from Unit Tests to Integration tests)
  - Help with development of CI (Continuous Integration) environments
Build your own team of Security Champions: Security Champions Playbook