6. Verification
Verification is one of the five business functions described by the OWASP Software Assurance Maturity Model (SAMM).
Verification covers the processes and activities an organization uses to check and test the artifacts produced throughout software development. This typically includes quality assurance work such as testing, and also includes other review and evaluation activities such as design review and architecture assessment.
Verification activities should include:
- Architecture assessment, validation and mitigation
- Requirements-driven testing
- Security control verification and misuse/abuse testing
- Automated security testing and baselining
- Manual security testing and penetration testing
These activities are supported by:
- Security guides
- Test tools
- Test frameworks
- Vulnerability management
- Checklists
Verification is an activity central to the secure software development lifecycle. Refer to the Security Culture project section for the various types of security testing.
Sections:
6.1 Guides
6.1.1 Web Security Testing Guide
6.1.2 MAS Testing Guide
6.1.3 Application Security Verification Standard
6.2 Tools
6.2.1 DAST tools
6.2.2 Amass
6.2.3 Offensive Web Testing Framework
6.2.4 Nettacker
6.2.5 OWASP Secure Headers Project
6.3 Frameworks
6.3.1 secureCodeBox
6.4 Vulnerability management
6.4.1 DefectDojo
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.