Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. The Application Security Guide For CISOs seeks to help CISOs... More > manage application security programs according to their own roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout the guide.< Less
The OWASP Application Security Codes of Conduct set out to define a set of minimal requirements for other organizations specifying the most effective ways they could support OWASP's mission. There... More > are six codes - for Government Bodies, for Educational Institutions, for Standards Groups, for Trade Organizations, for Certifying Bodies and for Development Organizations.< Less
The OWASP Testing Guide (2009 Version 3.0) includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level"... More > penetration testing guide that describes techniques for testing most common web application and web service security issues.
OWASP Testing Guide v3 is a 349 page book; we have split the set of active tests in 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity.
For more information, please check out the project home page at OWASP Testing Guide V3.0 Project.< Less
Full color version. The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific... More > risks facing the organization. The resources provided by SAMM will aid in: (1) Evaluating an organization’s existing software security practices, (2) Building a balanced software security program in well-defined iterations, (3) Demonstrating concrete improvements to a security assurance program, and (4) Defining and measuring security-related activities within an organization.
SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project.< Less