This is a documentation project that discusses the importance and benefits of establishing a security culture when building an application security program. The guide considers security at each stage of the Software Development LifeCycle (SDLC), helping to create secure development practices. Topics discussed include: Defining a maturity goal; Collaboration between security and development teams; Security Champions; Activities, such as Capture the Flag; Threat modelling; Security testing; Metrics; all with references to useful relevant OWASP projects.
Download the latest release or view the web version on the OWASP website.
- Nick Miller