Policy & Procedure
Infrastructure & Architecture
Develop, Test, Release
Maturity Assessments (OpenSamm)
Where does your program currently stand in comparison to objective industry benchmarks? Saltworks Security can evaluate your application security program against OWASP’s Software Assurance Maturity Model (OpenSAMM) to assess the maturity of your program and identify potential areas of concern. Saltworks Security helps businesses evaluate the maturity and completeness of their AppSec programs and define roadmaps for each company to create their best possible security outcome in terms of their business risk acceptance.
Policy & Procedure Creation
What regulations, laws, and contractual obligations impact your application security? What’s the best framework to base your program on?
Organizations need both Policies – the specific rules that govern every aspect of an organization’s application security, from specifics like the rules that surround input validation to the processes that define CICD efforts, and Procedures – the standard set of guidelines that govern how the policies are to be met.
Saltworks Security can help you identify the laws, regulations, and obligations that need to be considered when crafting a policy, as well as the best framework that meets your needs and requirements. An enterprise Policy must be based off an industry best practice framework (such as ISO 27001/27002, NIST SP 800 series, COBIT, ITIL, etc.). And development teams need a procedural baseline that they can understand to learn and implement proper controls within the SDLC (Software Development Life-Cycle) regardless of the development model implemented. Saltworks Security can guide your efforts from creation to implementation, and ensure those policies and procedures are followed.