Podcast:  OWASP Flagship Projects - Episode 02

by

People | Process | Technology Podcast · OWASP Flagship Projects - Episode 02

In this episode of the People | Process | Technology Podcast, I speak with Seba Deleersnyder from the Software Assurance Maturity Model, Carlos Holguera and Sven Schleier from the Mobile Security Testing Guide, and Bjoern Kimminich from the Juice Shop Project

Today's episode begins with Seba Deleersnyder, project lead for the Software Assurance Maturity Model, or SAMM. The mission of this OWASP Flagship Project is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic.  SAMM was built to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations. 

The next Flagship Project we'll hear from is the Mobile Security Testing Guide, with project leaders Carlos Holguera and Sven Schleier. The mission of the project is to "Define the industry standard for mobile application security." MSTG is a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. The project includes "Mobile App Security Requirements and Verification" and the "Mobile App Security Checklist". 

Our final project in this episode is Juice Shop, an insecure web application for training, led by project lead Bjoern Kimminich. It is probably the most modern and sophisticated insecure web application. It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools. Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten, along with many other security flaws found in real-world applications. Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory

Conclusion

The OWASP 20th Anniversary Celebration is a 24 hour global event, featuring sessions from each of the OWASP flagship projects, leaders of the Top Ten Project, presenters from around the world, and sessions from people who have helped OWASP over the past 20 years. Registration is open, and you can't beat the cost ... it's free. Even if you can't attend, please register so you'll have access to all of the recorded sessions following the conference. For the link check the show notes here on the podcast.

Our program was produced today by Executive Editor Mark Miller. Special thanks to today's guests, Seba Deleersnyder from the Software Assurance Maturity Model, Carlos Holguera and Sven Schleier from the Mobile Security Testing Guide , and Bjoern Kimminich from the Juice Shop Project. You can stream our archive of over 160 episodes, for free, at soundCloud.com/owasp-podcast.  The show is available on all of your favorite podcasting platforms, including Spotify and Apple Podcasts. 

Support for this broadcast is provided by OWASP, celebrating twenty years of making software safer. OWASP hosts their 24 hour, 20th Anniversary Celebration in September. Head to 20thAnniversary.owasp.org for your free ticket.

Support also provided by JupiterOne, who believes that security is a basic right to every person, company, and enterprise. Security begins with cyber asset visibility, and includes understanding the relationships between those assets. Get started with your free, lifetime license at info.jupiterone.com/get-started.

Resources for this article

Mark Miller
Mark Miller

Mark Miller speaks and writes extensively on DevSecOps and Cybersecurity. He has published 9 books, including "Modern Cybersecurity: Tales from the Near-Distant Future"

Keep Reading

Introducing Continuous Controls Monitoring (CCM) | JupiterOne
November 7, 2024
Blog
Introducing Continuous Controls Monitoring (CCM)

CCM delivers real-time visibility, proactive risk management, and streamlined compliance for security.

Now Available: JupiterOne’s Public Postman Workspace | JupiterOne
October 31, 2024
Blog
Now Available: JupiterOne’s Public Postman Workspace

Explore JupiterOne’s Public Postman Workspace to streamline your workflows and enhance your security operations.

Prioritizing Exploitable Vulnerabilities to Protect Your Business Critical Assets | JupiterOne
October 16, 2024
Blog
Prioritizing Exploitable Vulnerabilities to Protect Your Business Critical Assets

Vulnerability scanners flood teams with alerts, but CTEM helps prioritize based on exploitability and business impact, ensuring focus on the most critical threats.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.