Under the umbrella of OWASP, we created a fundamentals course for OWASP SAMM. If you are new to OWASP SAMM, or if you want to get new colleagues up to speed, this is a great place to start. The SAMM training walks through all 5 business functions and explains how each security practice should be interpreted and scored.

The SAMM training consists of 79 lessons with a total of 5 hours of video content. It also includes two practical case studies for practicing SAMM assessments. The instructor of the course is our CEO, Dr. Aram Hovsepyan. Upon completion of the course, you will receive a certificate of completion.

The full OWASP SAMM training is available for free on Thinkific.

OWASP SAMM Fundamentals Course

Extract from the OWASP SAMM Training

Find out more about what the Codific team does at OWASP.

OWASP SAMM Fundamentals Course content

The OWASP SAMM Fundamentals course follows the structure of the OWASP SAMM model from left to right. This is, to some extent, the logical way of going through the model: Governance, Design, Implementation, Verification and Operations. We recommend going through the whole course, but we understand that you may be looking for guidance on a specific practice or business function. In that case, you can jump straight to that chapter.

Introduction to OWASP SAMM and the Fundamentals Course

The first chapter of the SAMM training is the general introduction to the course. Aram starts by giving a broad overview of the context in which OWASP SAMM was created, including a short history of the model. Then the model itself is introduced. Refer to this chapter if you want an overall picture of the structure of the model, the methodology for using it, and an introduction to assessment tools.

The best tool for using SAMM is Codific’s SAMMY; you can use it for free here.
