Over the past year, NetSPI has been working on a new approach to manage and measure application security. By combining OWASP’s Software Assurance Maturity Model, traditional risk assessment methodologies, and experience developing security metrics, NetSPI developed a methodology that may be used to help organizations improve the way they manage and prioritize their application security initiatives. Once fully developed, this approach will be donated to OWASP either as an add-on to the existing SAMM project or as a new project intended to improve application security management.
In this presentation, NetSPI will provide a detailed walk-through of the overall methodology as well as OWASP’s SAMM project. We will provide examples of the types of metrics and executive dashboards that can be generated by using this approach to managing application security and help highlight various ways this information can be used to further improve the overall maturity of application security programs.
**This session has been changed to a 2-part series! Be sure to stop in on Wednesday, May 13 in Room 10 at 9:45 AM for Part 2 (hands-on approach).**
- Learn to Develop Application Security Metrics
- Learn about OWASP's Software Assurance Maturity Model
- Learn how to prioritize applications based on security concerns
- Find out how to contribute to the OWASP SAMM project
About Yan Kravchenko
Yan Kravchenko is passionate about finding ways for organizations to balance their business objectives with the ever-growing cybersecurity and regulatory challenges. Today, Kravchenko is focused on one of the latest frontiers in the field of security: application security. In this role, he is creating innovative tools and services for complex enterprises to understand their application security risks and optimize their security investments. In dealing with the ever-changing cybersecurity threat landscape, he brings the ability to interpret and apply technical, legal and business information to enable his clients to make informed decisions.
Over the past 20+ years, Kravchenko has worked through many IT and security evolutionary trends, learning different ways to evaluate, understand and remediate cybersecurity risks.