This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Security Integration System

From OWASP
Revision as of 11:29, 30 September 2019 by MB netblue4 (talk | contribs)

Jump to: navigation, search
OWASP Project Header.jpg

What is the Secure code assurance tool (SCAT)

What does SCAT not do

  • SCAT is not a point in time security verification tool for detecting vulnerabilities after development

What does SCAT do

  • SCAT is a process integrity tool which implements a consistent, authorized and auditable software development process
  • SCAT’s primary objective is proving security controls operate efficiently over a period of time

Process integrity tool vs point in time security verification tool

SOCTools
  • Point in time security verification tools relate to SOC2 Type 1 and assesses the design of security processes at a specific point in time
  • Process integrity tools relate to SOC2 Type 2 and assesses how effective those controls are over time
  • Both types of tools are important and some applications have functionality that crosses the line