Explore the evolution of software security verification in this 31-minute OWASP Global AppSec Tel Aviv conference talk. Discover the OWASP Software Security 5D Framework and examine assessment data from various international companies. Learn how security practices have progressed from static reports to integrated lifecycle management of security bugs. Gain insights from Matteo Meucci, CEO and co-founder of Minded Security, as he shares his extensive experience in Application Security and his contributions to OWASP projects. Delve into topics such as application security dimensions, processes, testing, team dynamics, and industry standards. Understand why traditional security reports are becoming obsolete and explore more effective approaches to software security. Examine case studies from major companies and discuss the benefits and challenges of modern security practices. Conclude with a Q&A session addressing the trade-offs in implementing comprehensive software security measures.
Software Security 5D Framework - Evolution of Security Verification
Overview
Syllabus
Agenda
Questions
Example
The best approach
Application security dimensions
Framework
Processes
Testing
Team
Security
Standard
Big picture
Assessment results
Independent software vendor
Facebook
Comcast
PCI
Why your reports are dead
Why your reports are there
Why it works
Benefits
Vendor requirements
Presentation testing
Certificate of achievement
Conclusion
QA
Trade off
Taught by
OWASP Foundation
Related Courses
-
Verifying Software for Security Bugs - Dynamic Analysis and Fuzzing Testing
-
OWASP Application Security Verification Standard (ASVS) Project Overview
-
The Path of Secure Software Development - AppSec EU 2017
-
OWASP Serverless Top 10 - Security Risks and Protections
-
Automated Security Testing With OWASP Nettacker
-
OWASP CISO Survey Report 2013 - Tactical Insights for Application Security Managers
