OWASP Security Culture

This is a documentation project that discusses the importance and benefits of establishing a security culture when building an application security program. The guide considers security at each stage of the Software Development Life Cycle (SDLC), helping to create secure development practices. Topics discussed include defining a maturity goal; collaboration between security and development teams; Security Champions; activities such as Capture the Flag; threat modelling; security testing; and metrics, all with references to useful, relevant OWASP projects.

Stable

View the always-current stable version at stable.

Version 1.1 - October 2024

Added section on Bug bounties and Application Security Posture Management. Updated references to OWASP projects. View web, download pdf or epub.

Version 1.0 - April 2022

View web, download pdf or epub.