NZ$201.21

OWASP NZ Training - Auckland - Secure Your SDLC using OWASP SAMM - ASAP!

Location

101 Pakenham Street West

Auckland, Auckland 1010

New Zealand

Event description
OWASP New Zealand Training Day - Auckland (10 October) Training Class: Secure Your SDLC using OWASP SAMM - ASAP! - John DiLeo

About this Event

The OWASP New Zealand Chapter is pleased to present our annual Training Day event. This year, we are offering classes in three cities - Dunedin, Auckland, and Wellington, on different Saturdays in October.

In Auckland, we are offering two classes on Saturday, 10 October:

  • A Cat, a Dog, and a Roast Turkey (Reloaded) - Wade Winright
  • Secure Your SDLC Using OWASP SAMM - ASAP! - John DiLeo

Registration check-in will open at 8:00 a.m., and classes will run from 8:45 a.m. to 5:30 p.m., with breaks for lunch and morning and afternoon tea.

Registration is NZ $195.00 (plus Eventbrite fees). Your entire registration fee (less PayPal's cut) will be contributed to the OWASP SAMM Project, to support their ongoing efforts.

A special thank-you to Grid/AKL for furnishing our great meeting space.

Registration closes on Thursday, 8 October.

Secure Your SDLC using OWASP SAMM - ASAP!

John DiLeo (OWASP SAMM Co-Author)

Training Abstract:

Building security into the software development and management practices of an organisation can be a daunting task. There are many elements to the equation: company structure, different stakeholders, technology stacks, tools and processes, and so forth.

Implementing software assurance can produce significant benefits for the organisation. Yet, trying to achieve this without a good framework often yields only marginal and unsustainable improvements. OWASP SAMM provides exactly the structured, measurable framework that's needed. It enables you to formulate and implement a strategy for software security tailored to your organisation's risk profile.

The goal of this one-day training, organised as a mix of presentations and interactive workshops, is for the participants to get a more in-depth view of and practical feel for the OWASP SAMM model. The training is set up in three parts:

  • In the first part, we present an overview of the model, and review the similarities and differences with other models. The five Business Functions - Governance, Design, Implementation, Verification, and Operations - are explained. We address the various constituent elements (e.g., metrics), and review representative usage scenarios for the model.
  • Next, approximately half a day will be spent doing an actual SAMM evaluation of your organisation (or one that you have worked for). We will go through an evaluation of all the SAMM domains and discuss the results in the group. This will give all participants a good indication of the organisation’s maturity in software assurance. In the same effort, we will define a target model for your organisation and identify the most important challenges in getting there.
  • The final part of the training will be dedicated to specific questions or challenges that you are facing about secure development in your organisation. In this group discussion, experiences will be shared among participants to address these questions.

If you've been struggling to launch a secure software initiative in your organisation, this training should provide you with the necessary foundations and ideas to do so.

About John

John is an active member and leader of several OWASP projects and global committees. He is a core member of the OWASP SAMM Project team and a co-author of the OWASP SAMM version 2.0 model, released in January 2020. He also serves as a co-leader of the OWASP New Zealand Chapter.

In his day job, John serves as an internal application security consultant at Air New Zealand.

Twitter: @gr4ybeard
