ng Resource Requirements (Training per person for period)
Each developer within VirtualWare was required to attend a training course, and therefore every developer had a single day allocated
to the application security program.
(per person) 1 day
Outsourced Resources
Due to the lack of knowledge within VirtualWare, external resources were used to assist with the creation of content, and create/deliver
the training program to the developers.
(Security) 15 days Consultant
(Training) 22 days

SAMM / Case Studies - v1.0

To achieve these maturity levels VirtualWare implemented a number of programs during this phase of the roll-out. The following initiatives were adopted;

Phase 2 (Months 3 – 6) – Education & Testing

VirtualWare - Phase 2

VirtualWare identified in phase 1 that a number of their applications contained vulnerabilities that may
be exploited by external threats. Therefore one of the key objectives of this phase was to implement
basic testing and review capabilities to identify the vulnerabilities and address them in the code.

The introduction of automated tools to assist with code coverage and finding weaknesses was identified as one of the biggest challenges in this phase of the implementation. In the past, developers have used automated tools with great difficulty, and therefore implementing new tools was seen
as a significant challenge.

To ensure a successful rollout of the automation tools within the organization, VirtualWare proceeded
with a staged roll-out. The tools would be given to senior team leaders first, with other developers
coming online over a period of time. Teams were encouraged to adopt the tools, however, no formal
process was put in place for their use.
This phase of the implementation also saw the introduction of a more formal education and awareness
program. Developers from the previous training requested more specific training in the areas of web
services, and data validation. The new 6-hour specific training course was developed with these two
focus areas. VirtualWare also implemented additional training programs for Architects and Managers,
and adopted an awareness campaign within the organization.

Target Objectives
During this phase of the project, VirtualWare implemented the following SAMM Practices & Activities.
SM 2
A. Classify data and applications based on business risk
B. Establish and measure per-classification security goals
A. Conduct role-specific application security training
B. Utilize security coaches to enhance project teams
A. Build and maintain application-specific threat models
B. Develop attacker profile from software architecture
A. Identify software attack surface
B. Analyze design against known security requirements
A. Utilize automated code analysis tools
B. Integrate code analysis into development process
A. Utilize automated security testing tools
B. Integrate security testing into development process
A. Capture critical security information for deployment
B. Document procedures for...
This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.