Secure software with OWASP ASVS
Are you working on security requirements in software development, test or procurement? There is no need to re-invent the wheel. See the talk on how OWASP Application Security Verification Standard (ASVS) can help.
At the BSides Oslo conference, 23 May 2019, Erlend Andreas Gjære held a talk on OWASP ASVS. See his presentation in the video below, and download our ASVS spreadsheet to get started yourself.
You may already be familiar with OWASP Top 10, which is well suited for creating awareness about the most common security vulnerabilities in web applications. However, OWASP ASVS provides a more proactive approach to application security, offering detailed requirements based on a chosen risk profile.
The talk shows both how OWASP ASVS is appropriate as a template for security requirements in both code you develop yourself, and for applications that are procured from others.
Great practical intro to @owasp ASVS https://t.co/K7vJSGoYms— Erlend Oftedal (@webtonull) May 23, 2019
We have in addition expanded the ASVS spreadsheet with a few columns which allow us to measure status over time, relative to a maturity scale which is similar to what we do for ISO27001 controls in our company.
Use it as a framework for your secure development process! pic.twitter.com/fIQ7PUl7vw— Patricia Aas (@pati_gallardo) May 23, 2019
If you are interested in learning more about the security in our own cloud services, feel free to ask. And please use our dedicated channel if you happen to have found a potential security vulnerability with us.
14 June 2019
Contact the author:
Simulated phishing: How to design a suitable scam
How do you prepare the most effective phishing email to serve the goal of your exercise? In the third part of this series on simulated phishing, we describe various approaches to designing phishing content.
How to succeed with security behavior change
To stay safe online, people need to care more about the security decisions they face every day. But unless the obvious gains obviously exceed the required effort, change is often avoided. Luckily, behavior change in general has been subject to a lot of research, and here are some takeaways for information security professionals.
Simulated phishing: Communications strategy
How do you prepare an organization for you to try and trick them? In the second part of this series on simulated phishing, we provide the outline for a communications plan.
Ready to get started?
We have written a guide for you to get started with human-centered security. Access our free resource now, and learn:
- How to nurture drivers for employee engagement
- How to avoid common obstacles for reporting
- Practical examples and steps to get started