Verification
6. Verification
Verification is one of the business functions described by the OWASP SAMM.
Verification focuses on the processes and activities related to how an organization checks and tests artifacts produced throughout software development. This typically includes quality assurance work such as testing, and also includes other review and evaluation activities.
Verification activities should include:
- Architecture assessment, validation and mitigation
- Requirements-driven testing
- Security control verification and misuse/abuse testing
- Automated security testing and baselining
- Manual security testing and penetration testing
These activities are supported by:
- Security guides
- Test tools
- Test frameworks
- Vulnerability management
- Checklists
Sections:
6.1 Guides
6.1.1 Web Security Testing Guide
6.1.2 Mobile Application Security
6.1.3 Application Security Verification Standard
6.2 Tools
6.2.1 Zed Attack Proxy
6.2.2 Amass
6.2.3 Offensive Web Testing Framework
6.2.4 Nettacker
6.2.5 OWASP Secure Headers Project
6.3 Frameworks
6.3.1 secureCodeBox
6.4 Vulnerability management
6.4.1 DefectDojo
6.5 Do’s and Don’ts
6.5.1 Secure environment
6.5.2 System hardening
6.5.3 Open Source software
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.