
OWASP Security Integration System

Revision as of 11:10, 30 September 2019 by MB netblue4 (talk | contribs) (Preparation phase)


Table of contents

  1. What is the Secure Code Assurance Tool (SCAT)
  2. Description: build, verify and assure secure software
  3. See how development teams use SCAT
  4. How to import client-specific risks, security requirements and tests
  5. Governance, first line of defence and SCAT

What SCAT does not do

  • SCAT is not a point-in-time security verification tool for detecting vulnerabilities after development is complete

What SCAT does

  • SCAT is a process integrity tool that implements a consistent, authorized and auditable software development process
  • SCAT's primary objective is demonstrating that security controls operate effectively over a period of time, not merely that they exist at a single moment

Process integrity tool vs point-in-time security verification tool

  • Point-in-time security verification tools correspond to a SOC 2 Type 1 report, which assesses the design of security controls at a specific point in time
  • Process integrity tools correspond to a SOC 2 Type 2 report, which assesses whether those controls operated effectively over a period of time
  • Both types of tools are important, and some tools have functionality that falls into both categories