AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Tuesday, June 24 • 14:00 - 18:00
Training room 3 - Bootstrap and improve your SDLC with OpenSAMM

Building security into the software development and management practices of a company can be a daunting task. There are many elements to the equation: company structure, different stakeholders, technology stacks, tools and processes, and so forth. Implementing software assurance can have a significant impact on the organization. Yet trying to achieve this without a good framework will most likely lead to only marginal and unsustainable improvements. OWASP OpenSAMM gives you a structured and measurable framework to do just that. It enables you to formulate and implement a strategy for software security that is tailored to the risk profile of your organization.

The goal of this one-day training, which is conceived as a mix of training and workshop, is for the participants to get a more in-depth view of, and a practical feel for, the OpenSAMM model. The training is set up in three parts.

The first part presents an overview of the OpenSAMM model and explains its similarities to and differences from comparable models. The different domains (governance, construction, verification, deployment), their activities and their relations are explained. Furthermore, different constituent elements (e.g., metrics) are discussed and the overall usage scenarios of the model are explained.

Next, approximately half a day will be spent on doing an actual OpenSAMM evaluation of your own organization (or one that you have worked for). We will go through an evaluation of all the OpenSAMM domains and discuss the results as a group. This will give all participants a good indication of the organization's maturity with respect to software assurance. In the same effort, we will define a target model for your organization and identify the most important challenges in getting there.

The final part of the training will be dedicated to specific questions or challenges that you are facing with respect to secure development in your organization. In this group discussion, participants will share their experience to address these questions.

In case you haven't started a secure software initiative in your organization yet, this training should provide you with the necessary foundations and ideas to do so. Be prepared for a highly effective and applicable treatment of this large domain! And in case you are concerned about confidentiality issues, we adhere to the Chatham House Rule.

After the conference, the OpenSAMM project team comes together for their first OpenSAMM summit in Cambridge. If you want to contribute to this flagship project, stay and join us at the summit. More details at www.opensamm.org.

This training requires a good amount of interactivity and common sense. No specific technical requirements are set forth.

Sebastien Deleersnyder

CEO, Toreon
Seba (https://twitter.com/Sebadele) is co-founder and CEO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board and has given several public presentations on Application Security. Seba...

Bart De Win

Bart De Win has over 20 years of experience in software security. He has an extensive background in the field, including his Ph.D. and research work on methods and techniques for software protection. Since 2009, Bart has been responsible for all application security services within...

Tuesday June 24, 2014 14:00 - 18:00 BST