What we're about
Upcoming events (4+)
OWASP Vancouver May meetup features a double header:
OWASP SAMM v2.0 and Benchmarking with Brian Glas
Learn more about how the OWASP Software Assurance Maturity Model (SAMM) can be used to build and grow software assurance in an organization. We'll walk through the features of SAMM v2.0 and the future of SAMM Benchmark that we are currently developing to provide measurement capabilities and comparisons for SAMM participants.
Build more secure apps by harnessing the power of OWASP SKF & ASVS on Kubernetes with Farshad Abasi and Kurt Hundeck
Did you know OWASP Application Security Verification Standard (ASVS) can be used as a set of application security requirements? Do you know what the Security Knowledge Framework (SKF) is, and how you can use it to manage your application security requirements and train developers? Are you curious what is takes to deploy a containerized application like SKF into Kubernetes? Do you want to harness the full potential of an open Application Security Verification Standard for a more secure SDLC? This talk will address these questions and more! Discover the power OWASP’s ASVS and SKF running on Kubernetes.
OWASP ASVS is the open application security standard for designing, building, and testing application security controls – and it is baked right into OWASP SKF. During our talk we will highlight the integration between the two projects, show how to start using SKF to learn and manage ASVS requirements, and demo a few relevant SKF Labs.
A Github repo will be released prior to the session with the tools and scripts to setup and deploy OWASP SKF using 1) “minikube” on a single EC2 instance with “terraform” and 2) a complete ‘from scratch’ AWS Kubernetes cluster configuration configured with “kops” and “terraform”.
We believe the OWASP SKF and ASVS projects have a lot of potential, and we hope to foster some additional community attention and contributions.