We’ve put together a framework based on the OWASP Security Assurance Maturity Model and some of its user-contributed checklists to perform a security assessment on an organization’s SDLC. The intent here is not to find specific flaws in an application, but rather to measure the level of security baked into the process. Today, this kind of assessment is often performed courtesy of the professional judgment of an application security expert without consistency. We wanted to make a repeatable, systematic process framed in the language of controls auditing. Ideally, organizations will be able to assess a potential software vendor’s SDLC security posture prior to purchasing commercial-off-the-shelf or custom-developed software. We’ve successfully used this framework in the past to identify gaps and provide recommendations for independent software vendors. Please let us know your thoughts by sending feedback to email@example.com. We look forward to hearing from you!
Security Compass Youtube Channel
From our various training courses, we have quite a few videos that demonstrate web application attacks. Som...
Error - something went wrong!
Most Recent Articles
The Shadow IT Problem
Learn more about the shadow IT problem.
We’re Launching SD Elements Version 5
Learn more about our latest release of SD Elements.
Enabling Governance in DevOps: the myth of security as a disruptor
Learn more about how you can enable governance in a DevOps environment.
The New Security and Compliance Tool for Enterprise: The Policy-to-Execution Platform
Learn more about the new tool for enterprise: the policy-to-execution platform.
Scaling Threat Risk Assessments for Applications
Risk assessments are integral to the modern organization’s success, but they’re also time-consuming and difficult to manage. Learn how you can scale threat risk assessments in your organization.
Engineering Privacy into Software
Learn about the importance of engineering privacy into software.
A Primer on Security in the Industrial IoT Space
Learn about the challenges related to Industrial IoT security.
An Introduction to California’s Upcoming IoT Regulations
Learn about California's new IoT regulations.
Integration of Security Practices in a DevOps Environment
Learn how to integrate security into a DevOps environment.
Overcoming Challenges: Solutions for DevSecOps Implementation
Solutions for implementing DevSecOps in your organization.
Shifting the Paradigm for Connected Car Security
Learn about the security required for connected cars.
What’s New in Our Latest Version of SD Elements (January 2019 — June 2019)
Learn about the latest updates in SD Elements.
A Primer on Industrial Control Systems Cybersecurity
Learn about the security challenges related to Industrial Control Systems.
Security does not inhibit DevOps
Learn why security does not get in the way of DevOps.
SD Elements Scales Better than SAST and Delivers Benefits for High-Risk Applications
Learn more about how SD Elements works better than code scanning.
We’ve Been Named to Great Place to Work Institute’s 2019 Best Workplaces™ for Mental Wellness List!
Learn more about our 2019 recognition as a Best Workplaces™.
Security Compass is Proud to be Officially Recognized as one of Canada’s Best Workplaces™
Learn about Security Compass's new Great Place to Work® workplace recognition.
Managing Application Security (MAS) Research Reveals Application Security Practices within the Financial Services Industry
Investigate our research related to application security management within financial organizations.
Security Compass Named Winner in Info Security PG’s Global Excellence Awards and Cybersecurity Excellence Awards
We’re proud to announce that our policy-to-execution platform, SD Elements, was named a winner in the 2019 Info Security Products Guide Global Excellence Awards and the 2019 Cybersecurity...
Building Secure And Compliant Applications For Connected Vehicles