Cybersecurity Frameworks - Cybersecurity Guides
Application Security is critical to the software development process and a core component of Cybersecurity. Many Cybersecurity frameworks cover application security best practices, but the most widely known and popular one is OWASP (The Open Web Application Security Project), a nonprofit foundation that works to improve software security practices. Through community-driven open-source software projects, hundreds of chapters worldwide, thousands of members, and highly regarded educational and training conferences, the OWASP Foundation is the source for developers and technology professionals to secure web applications and software.
Integrating Application Security Practices, Part 1
You should familiarize yourself with OWASP, as it offers a tremendous number of free resources to guide you through adopting secure application development practices. Most importantly, you should start by reviewing the Software Assurance Maturity Model (SAMM). This framework provides an effective and measurable way for organizations to analyze and improve security within the development lifecycle. SAMM supports the complete software lifecycle and is technology- and process-agnostic, so it can be integrated into any organization's processes and procedures. The SAMM methodology is risk-driven and scalable, so it can work for all organizations, no matter their size or sophistication.
In addition to SAMM, OWASP is known for the "OWASP Top Ten", which covers the 10 highest-priority security risks and vulnerabilities. It is a general awareness document for developers and managers of web applications that represents a broad consensus about the current most critical security risks. Organizations should adopt this guide and start the process of ensuring their web applications address these risks. Using this guide is an effective foundation for evolving the software development process within your organization into one that embraces secure software design and code.
Many other popular Cybersecurity Foundations and Frameworks also cover Application Security, including the CIS Controls, NIST, the Microsoft Security Development Lifecycle, and the Cloud Security Alliance. Stay tuned for follow-up articles where we dive into more detail covering the different aspects of Application Security. Until then, check out the frameworks mentioned and the additional resources provided below.
Review these sources for more information:
The Open Web Application Security Project https://owasp.org/
CIS Controls - Control 16 Application Software Security https://www.cisecurity.org/controls
NIST Secure Software Development Framework https://csrc.nist.gov/Projects/ssdf
The Microsoft Security Development Lifecycle https://www.microsoft.com/en-us/securityengineering/sdl/
Cloud Security Alliance https://cloudsecurityalliance.org/
NIST 800-53 rev 4 https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final