Securing your applications requires more than just point-in-time testing; it requires a mature security program. In this video, learn about the Building Security In Maturity Model (BSIMM).
- [Instructor] Another resource to include in your offline testing preparation is the Building Security in Maturity Model, or BSIMM. The BSIMM is similar to the OWASP SAMM project in that it applies that Capability Maturity Model to ensuring that your software is secure. 120 organizations from a variety of industries came together to form the BSIMM. While it's most heavily influenced by professionals from financial services organizations and independent software vendors, you can find benefit from this resource regardless of the industry you represent. In addition to teaching, I present on a pretty regular basis at professional meetings and conferences. If there's one message that creeps into nearly every one of my presentations, it's that compliance does not equal security. If you want real, effective, meaningful security, then you should focus on maturity instead. Software vulnerabilities aren't the problem, software vulnerabilities are a symptom of the problem. …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level: Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)