We’ve put together a framework based on the OWASP Security Assurance Maturity Model (SAMM) and some of its user-contributed checklists to perform a security assessment of an organization’s SDLC. The intent is not to find specific flaws in an application, but rather to measure the level of security baked into the development process. Today, this kind of assessment is usually performed on the basis of an application security expert’s professional judgment, with little consistency from one assessment to the next. We wanted a repeatable, systematic process framed in the language of controls auditing. Ideally, organizations will be able to assess a potential software vendor’s SDLC security posture before purchasing commercial-off-the-shelf or custom-developed software. We’ve successfully used this framework in the past to identify gaps and provide recommendations for independent software vendors. Please let us know your thoughts by sending feedback to email@example.com. We look forward to hearing from you!
From our various training courses, we have quite a few videos that demonstrate web application attacks. Som...