OWASP Security Culture

This is a documentation project that discusses the importance and benefits of establishing a security culture when building an application security program. The guide considers security at each stage of the Software Development LifeCycle (SDLC), helping to create secure development practices. Topics discussed include: Defining a maturity goal; Collaboration between security and development teams; Security Champions; Activities, such as Capture the Flag; Threat modelling; Security testing; Metrics; all with references to useful relevant OWASP projects.


View the always-current stable version at stable.

Version 1.0 - April 2022

View web, download pdf or epub.