Web application security - the fast guide 1.1 | Page 189

Chapter 9 - Secure Application Development

a. Evaluating an organization's existing software security practices
b. Demonstrating concrete improvements to security assurance
c. Building a balanced software security program in well-defined iterations
d. All of the above

10. SAMM and BSIMM have a similar approach to assessing maturity, with the main difference being:
a. SAMM does not focus on security practices but on using tools and black-box assessment to extract vulnerabilities and assess the maturity level.
b. BSIMM is a descriptive method, since it is built on a quantitative study over time, whereas SAMM is a prescriptive framework.
c. BSIMM provides 5 levels of maturity, in contrast with SAMM, which assesses security on a scale of 7 covered functionalities.
d. None of the above

Answer key
1 d
2 c
3 b
4 essay
5 a
6 d
7 b
8 a
9 d
10 b