Building Security In Maturity Model (BSIMM).
A study of real-world software security activities arranged so that you may evaluate
where you stand and how to adapt your efforts over time.
SAMM
provides a clear path and maturity model for secure software development and
deployment, as well as handy self-assessment and planning tools.
Core OpenSAMM activities
Governance
Construction
Verification
Deployment
Static analysis
An application's source code is evaluated manually or automatically, without
running the code.
Dynamic analysis.
Analysis and testing of a program happens when it is executed or run.
Fuzzing
Injecting randomized data into a software program in an attempt to uncover system
failures, memory leaks, error handling difficulties, and incorrect input validation
OWASP ZAP
,-An open-source web application security scanner.
-Can be used as a proxy to influence traffic flowing through it (including https).
ISO /IEC 27001
specifies the standards for establishing, implementing, running, monitoring,
reviewing, maintaining, and upgrading a documented information security
management system.
ISO/IEC 17799
ISO/EIC is a collaborative group that creates and maintains standards for the IT
industry. is an international code of conduct for information security management.
This section defines the controls that ensure confidentiality, integrity, and
availability.
ISO/IEC 27034
A standard that provides guidelines to help organizations integrate security into
their operations to help secure applications running in the environment, including
application lifecycle activities.
Software security champion
a developer interested in security who helps amplify the security message at the
team level.
Waterfall approach.
a sequential, activity-based process in which each phase of the SDLC is executed
sequentially from planning to implementation and maintenance.
, Agile Development.
A software development technique that produces functionality in rapid iterations
(weeks), necessitating frequent communication, development, testing, and delivery.
Scrum
an agile project management framework that helps teams structure and manage
their work using a set of values, principles, and practices.
Daily scrum.
During a Sprint, the Development Team meets once a day for 15 minutes or less to
re-plan the next day's development activities. The Sprint Backlog reflects updates.
Sprint review.
A meeting held after each sprint to present the product or process to stakeholders
for approval and feedback.
Sprint retrospective.
an opportunity for the Scrum Team to assess itself and devise a strategy for
changes to be implemented during the following Sprint.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller luzlinkuz. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.