OpenSAMM Best Practices - Lessons from the Trenches

Explore the implementation of OWASP OpenSAMM for managing application security activities in this 51-minute conference talk from AppSecEU 2014. Learn how to integrate OWASP best practices into your software lifecycle using this structural and measurable blueprint. Discover strategies for tailoring the framework to your organization's risk profile, determining optimal maturity levels, and applying OpenSAMM at various organizational levels. Gain insights on integrating security activities in agile development, managing outsourced development, and utilizing metrics for secure development lifecycle management. Benefit from practical lessons and use cases shared by experts Seba Deleersnyder and Bart De Win, who offer valuable insights on making OpenSAMM an effective methodology for your secure development lifecycle.

Intro
Introduction
Why do we care about application security
Building a maturity model
How the model is structured
How to do assessments
Lessons learned
How to score
Goal to be model
Goal to be situation
Planning
Implementing