In this episode of the People | Process | Technology Podcast, I speak with Seba Deleersnyder from the Software Assurance Maturity Model, Carlos Holguera and Sven Schleier from the Mobile Security Testing Guide, and Bjoern Kimminich from the Juice Shop Project.
Today’s episode begins with Seba Deleersnyder, project lead for the Software Assurance Maturity Model, or SAMM. The mission of this OWASP Flagship Project is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic. SAMM was built to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.
The next Flagship Project we’ll hear from is the Mobile Security Testing Guide, with project leaders Carlos Holguera and Sven Schleier. The mission of the project is to “Define the industry standard for mobile application security.” MSTG is a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. The project includes “Mobile App Security Requirements and Verification” and the “Mobile App Security Checklist”.
The OWASP 20th Anniversary Celebration is a 24 hour global event, featuring sessions from each of the OWASP flagship projects, leaders of the Top Ten Project, presenters from around the world, and sessions from people who have helped OWASP over the past 20 years. Registration is open, and you can’t beat the cost… it’s free. Even if you can’t attend, please register so you’ll have access to all of the recorded sessions following the conference. For the link check the show notes here on the podcast.
Our program was produced today by Executive Editor Mark Miller. Special thanks to today’s guests, Seba Deleersnyder from the Software Assurance Maturity Model, Carlos Holguera and Sven Schleier from the Mobile Security Testing Guide , and Bjoern Kimminich from the Juice Shop Project. You can stream our archive of over 160 episodes, for free, at soundCloud.com/owasp-podcast. The show is available on all of your favorite podcasting platforms, including Spotify and Apple Podcasts.
Support for this broadcast is provided by OWASP, celebrating twenty years of making software safer. OWASP hosts their 24 hour, 20th Anniversary Celebration in September. Head to 20thAnniversary.owasp.org for your free ticket.
Support also provided by JupiterOne, who believes that security is a basic right to every person, company, and enterprise. Security begins with cyber asset visibility, and includes understanding the relationships between those assets. Get started with your free, lifetime license at info.jupiterone.com/get-started.
Resources for this article
Posted By Mark Miller
Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.
Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.
As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).
To hear more from Mark, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.
Subscribe to our newsletter!
Get updates from JupiterOne Mission Control
Fresh content and cool cybersecurity news alerts delivered to your inbox at least 2x a month! Just let us know where to send it.