Explore how to integrate the OWASP Application Security Verification Standard (ASVS) into the Secure Software Development Lifecycle in this AppSecUSA 2017 conference talk. Learn strategies for implementing uniform security requirements across large organizations, prioritizing security tasks, and overcoming challenges in dispersed development teams. Discover how to leverage the ASVS to create functional and non-functional security requirements, develop a questionnaire for determining appropriate ASVS levels, and incorporate security tasks into existing development processes. Gain insights on writing test plans based on ASVS verification statements and mapping them to requirements for effective validation. Understand how this approach can streamline secure development, making it more manageable and less ambiguous for development teams.
Leveraging the ASVS in the Secure Software Development Lifecycle
Overview
Syllabus
Intro
Background
Importance of Security
Solving defects early
Named vulnerabilities in 2016
Security
SDLC
Control
Common Framework
Domains
Verification Statements
Control vs Requirement
Security Control Types
B Sack
Questionnaire
Benefits
Questions
Taught by
OWASP Foundation
Related Courses
-
Secure Software Development Fundamentals
-
ISC2 Certified Secure Software Life-Cycle Professional (CSSLP)
-
OWASP Application Security Verification Standard (ASVS) Project Overview
-
The Path of Secure Software Development - AppSec EU 2017
-
Handling of Security Requirements in Software Development Lifecycle
-
Top Ten Proactive Controls for Secure Software Development
