SDLC Security Audit Framework

We’ve put together a framework, based on the OWASP Software Assurance Maturity Model (SAMM) and some of its user-contributed checklists, for performing a security assessment of an organization’s SDLC. The intent is not to find specific flaws in an application, but to measure how much security is built into the development process itself. Today this kind of assessment usually relies on the professional judgment of an application security expert and is performed without consistency. We wanted a repeatable, systematic process framed in the language of controls auditing. Ideally, organizations will be able to assess a potential software vendor’s SDLC security posture before purchasing commercial-off-the-shelf or custom-developed software. We’ve successfully used this framework in the past to identify gaps and provide recommendations for independent software vendors. Please let us know your thoughts by sending feedback to We look forward to hearing from you!
