This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Security Integration System"
MB netblue4 (talk | contribs) (→Integrating security into the software development process) |
MB netblue4 (talk | contribs) (→Risk optimisation: Minimise the negative and maximise the positive consequences) |
||
Line 206: | Line 206: | ||
<li>[https://www.owasp.org/index.php?title=OWASP_Security_Integration_System#Promoting_compliance_to_security_requirements Promoting compliance to security requirements]</li> | <li>[https://www.owasp.org/index.php?title=OWASP_Security_Integration_System#Promoting_compliance_to_security_requirements Promoting compliance to security requirements]</li> | ||
<li>[https://www.owasp.org/index.php?title=OWASP_Security_Integration_System#Minimising_the_impact_of_audit_and_assurance Minimising the impact of audit and assurance]</li> | <li>[https://www.owasp.org/index.php?title=OWASP_Security_Integration_System#Minimising_the_impact_of_audit_and_assurance Minimising the impact of audit and assurance]</li> | ||
− | |||
− | |||
− | |||
− | |||
</ol> | </ol> | ||
=== Resource optimisation: Predictable, repeatable and consistent level of security across all teams === | === Resource optimisation: Predictable, repeatable and consistent level of security across all teams === |
Revision as of 08:44, 7 October 2019
What is the Secure code assurance tool (SCAT)
What is the SCAT
Process integrity and point in time in the SDLC
Without further complicating development environment
Low levels of compliance
Compliance and assurance seen as blockers
Duplication of effort and inconsistent implementation
See below how the Secure code assurance tool integrates security into software development phases Sprint planning phaseObjective: Ensures security requirements are understood
Development phaseObjective: Ensure correct implementation of security requirements
Secure code review phaseObjective: Ensure correct implementation of security requirements
Testing phaseObjective: Ensure valid security testing
Approval phaseObjective: Streamline the approval and audit process
Risk managementObjective: Enable risk managers to prioritise, plan and monitor mitigation efforts
When developing secure software we need to consider both standard secure code and client specific architectural requirements Standard secure code requirements
Client specific architectural requirements
SCAT has the following governance objectives implemented by the following “first line of defense” functions Benefits realisation: Enabling development teams to deliver at speedResource optimisation: Predictable, repeatable and consistent level of security across all teams
LicensingThis program is free software: you can redistribute it and/or modify it under the terms of the link GNU Affero General Public License 3.0 as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Project Resources[Installation Package] [Source Code] Project LeaderClassifications |