OWASP SAMM

Summary

OWASP Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The version used in this section is OWASP SAMM v1.0.

Definitions

Definition	Requirements
OSAMM-SA. Security Architecture	161. Define secure default options 262. Verify third-party components 266. Disable insecure functionalities 348. Use consistent encoding 048. Components with minimal dependencies 062. Define standard configurations
OSAMM-ST. Security Testing	154. Eliminate backdoors 155. Application free of malicious code 156. Source code without sensitive information 157. Use the strict mode 158. Use a secure programming language 159. Obfuscate code 164. Use optimized structures 168. Initialize variables explicitly 171. Remove commented-out code 344. Avoid dynamic code execution 345. Establish protections against overflows
OSAMM-OM. Operational Management	154. Eliminate backdoors 178. Use digital signatures 266. Disable insecure functionalities 338. Implement perfect forward secrecy 353. Schedule firmware updates 378. Use of log management system 075. Record exceptional events in logs 091. Use internally signed certificates 092. Use externally signed certificates

Last updated

2024/02/09