Skip to content

OWASP Developer Guide

Overview

OWASP Developer Guide

Introduction
Foundations
Foundations
Requirements
Requirements
Design
Design
- Overview
- Threat modeling
  Threat modeling
- Web application checklist
  Web application checklist
- MAS checklist
Implementation
Implementation
- Overview
- Documentation
  Documentation
- Dependencies
  Dependencies
- Secure Libraries
  Secure Libraries
  - Overview
  - ESAPI
  - CSRFGuard
  - OSHP
- MASWE
Verification
Verification
- Overview
- Guides
  Guides
  - Overview
  - WSTG
  - MASTG
  - ASVS
- Tools
  Tools
  - Overview
  - DAST tools
  - Amass
  - OWTF
  - Nettacker
  - OSHP verification
- Frameworks
  Frameworks
  - Overview
  - secureCodeBox
- Vulnerability management
  Vulnerability management
  - Overview
  - DefectDojo
Training and Education
Training and Education
- Overview
- Vulnerable Applications
  Vulnerable Applications
- Secure Coding Dojo
- SKF education
- SamuraiWTF
- OWASP Top 10 project
- Mobile Top 10
- API Top 10
- WrongSecrets
- OWASP Snakes and Ladders
Culture building and Process maturing
Culture building and Process maturing
- Overview Overview
  Table of contents
  - 8. Culture building and Process maturing
- Security Culture
- Security Champions
  Security Champions
- SAMM
- ASVS process
- MAS process
Operations
Operations
Metrics
Metrics
- Overview
Security gap analysis
Security gap analysis
- Overview
- Guides
  Guides
- BLT
Appendices
Appendices
- Implementation Do's and Don'ts
  Implementation Do's and Don'ts
- Verification Do's and Don'ts
  Verification Do's and Don'ts

Overview

Developer guide logo

8. Culture building and Process maturing

Culture building and Process maturing is described by the SAMM Organization and Culture activity, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.

The maturity of security processes and culture is wide ranging, with indicators of a mature process and culture including:

Security champions have been identified for each development team
A program is in place to support the security champions
Secure coding practices are in place to define standards and improve software development
Developers and application security professionals across the organization are able to communicate and share best practice

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue.