From 4373056009d8ac09b6e8019e7f30c0424c841f1e Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Fri, 26 Jul 2024 17:04:37 +0200 Subject: [PATCH 1/4] feat: add dsomm user day --- src/app/app-routing.module.ts | 2 + src/app/app.component.css | 42 +++++++++---------- src/app/app.module.ts | 2 + .../sidenav-buttons.component.ts | 3 ++ .../component/userday/userday.component.css | 8 ++++ .../component/userday/userday.component.html | 3 ++ .../userday/userday.component.spec.ts | 24 +++++++++++ .../component/userday/userday.component.ts | 10 +++++ src/assets/Markdown Files/userday.md | 31 ++++++++++++++ src/styles.css | 1 + 10 files changed, 105 insertions(+), 21 deletions(-) create mode 100644 src/app/component/userday/userday.component.css create mode 100644 src/app/component/userday/userday.component.html create mode 100644 src/app/component/userday/userday.component.spec.ts create mode 100644 src/app/component/userday/userday.component.ts create mode 100644 src/assets/Markdown Files/userday.md diff --git a/src/app/app-routing.module.ts b/src/app/app-routing.module.ts index d63ce8911..06365605b 100644 --- a/src/app/app-routing.module.ts +++ b/src/app/app-routing.module.ts @@ -1,6 +1,7 @@ import { Component, NgModule } from '@angular/core'; import { RouterModule, Routes } from '@angular/router'; import { AboutUsComponent } from './component/about-us/about-us.component'; +import { UserdayComponent } from './component/userday/userday.component'; import { CircularHeatmapComponent } from './component/circular-heatmap/circular-heatmap.component'; import { MappingComponent } from './component/mapping/mapping.component'; import { MatrixComponent } from './component/matrix/matrix.component'; @@ -16,6 +17,7 @@ const routes: Routes = [ { path: 'usage', component: UsageComponent }, { path: 'teams', component: Teams }, { path: 'about', component: AboutUsComponent }, + { path: 'userday', component: UserdayComponent }, ]; @NgModule({ 
diff --git a/src/app/app.component.css b/src/app/app.component.css index d73a93185..56e066580 100644 --- a/src/app/app.component.css +++ b/src/app/app.component.css @@ -1,22 +1,22 @@ - .main-container { - width: 100%; - height: 100%; - /*border: 10px solid yellow;*/ - } - - .sidenav-content { - display: flex; - padding: 10px; - align-items: left; - justify-content: left; - /*background-color: red;*/ - } - - .example-sidenav { - padding: 20px; - } - - .github-fork-ribbon:before { - background-color: #333; - } \ No newline at end of file +.main-container { + width: 100%; + height: 100%; + /*border: 10px solid yellow;*/ +} + +.sidenav-content { + display: flex; + padding: 10px; + align-items: left; + justify-content: left; + /*background-color: red;*/ +} + +.example-sidenav { + padding: 20px; +} + +.github-fork-ribbon:before { + background-color: #333; +} diff --git a/src/app/app.module.ts b/src/app/app.module.ts index f453b4b84..b43eefe60 100644 --- a/src/app/app.module.ts +++ b/src/app/app.module.ts @@ -17,6 +17,7 @@ import { CircularHeatmapComponent } from './component/circular-heatmap/circular- import { MappingComponent } from './component/mapping/mapping.component'; import { ReadmeToHtmlComponent } from './component/readme-to-html/readme-to-html.component'; import { UsageComponent } from './component/usage/usage.component'; +import { UserdayComponent } from './component/userday/userday.component'; import { AboutUsComponent } from './component/about-us/about-us.component'; import { DependencyGraphComponent } from './component/dependency-graph/dependency-graph.component'; import { Teams } from './component/teams/teams.component'; @@ -38,6 +39,7 @@ import { ToStringValuePipe } from './pipe/to-string-value.pipe'; DependencyGraphComponent, Teams, ToStringValuePipe, + UserdayComponent, ], imports: [ BrowserModule, 
diff --git a/src/app/component/sidenav-buttons/sidenav-buttons.component.ts b/src/app/component/sidenav-buttons/sidenav-buttons.component.ts index 58904b649..01855215c 100644 --- a/src/app/component/sidenav-buttons/sidenav-buttons.component.ts +++ b/src/app/component/sidenav-buttons/sidenav-buttons.component.ts @@ -13,6 +13,7 @@ export class SidenavButtonsComponent { 'Usage', 'Teams', 'About Us', + 'DSOMM User Day 2024', ]; Icons: string[] = [ 'table_chart', @@ -21,6 +22,7 @@ export class SidenavButtonsComponent { 'description', 'people', 'info', + 'school', ]; Routing: string[] = [ '/', @@ -29,6 +31,7 @@ export class SidenavButtonsComponent { '/usage', '/teams', '/about', + '/userday', ]; constructor() {} } diff --git a/src/app/component/userday/userday.component.css b/src/app/component/userday/userday.component.css new file mode 100644 index 000000000..ece5c7240 --- /dev/null +++ b/src/app/component/userday/userday.component.css @@ -0,0 +1,8 @@ +table :is(td, th) { + border: 1px solid black; + padding: 0.3em; +} + +tr:nth-child(even) { + background-color: #66bb6a; +} diff --git a/src/app/component/userday/userday.component.html b/src/app/component/userday/userday.component.html new file mode 100644 index 000000000..2cda5977f --- /dev/null +++ b/src/app/component/userday/userday.component.html @@ -0,0 +1,3 @@ + + diff --git a/src/app/component/userday/userday.component.spec.ts b/src/app/component/userday/userday.component.spec.ts new file mode 100644 index 000000000..231e6e33c --- /dev/null +++ b/src/app/component/userday/userday.component.spec.ts 
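Review bot: The new menu entry only works while `'DSOMM User Day 2024'`, `'school'` and `'/userday'` sit at the same index in three separate arrays, and nothing in the class states or enforces that. A later insertion into only one list would silently pair a label with the wrong icon or route. At minimum add a comment above the lists such as `// labels, Icons and Routing are index-aligned: add or remove entries in all three`; a single array of `{ label, icon, route }` objects would remove the coupling altogether. The class starts above this hunk, so the name of the first array is not visible here.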
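Review bot: The selectors `table :is(td, th)` and `tr:nth-child(even)` live in the component stylesheet, which Angular scopes to this component's own template, since the `@Component` decorator added in this patch sets no `encapsulation` and so gets the emulated default. The agenda table is written in `userday.md`, so it is presumably rendered by a child component or injected as HTML, and in that case these rules would not match it. The template's contents are not readable on this page, so this needs confirming in the browser; if the table comes out unstyled, move the rules to the component that renders the markdown or to the global stylesheet. A one-line comment such as `/* agenda table rendered from userday.md */` would also say what the rules are for.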
@@ -0,0 +1,24 @@ +import { ComponentFixture, TestBed } from '@angular/core/testing'; + +import { UserdayComponent } from './userday.component'; + +describe('UserdayComponent', () => { + let component: UserdayComponent; + let fixture: ComponentFixture; + + beforeEach(async () => { + await TestBed.configureTestingModule({ + declarations: [UserdayComponent], + }).compileComponents(); + }); + + beforeEach(() => { + fixture = TestBed.createComponent(UserdayComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should create', () => { + expect(component).toBeTruthy(); + }); +}); diff --git a/src/app/component/userday/userday.component.ts b/src/app/component/userday/userday.component.ts new file mode 100644 index 000000000..9c7d402af --- /dev/null +++ b/src/app/component/userday/userday.component.ts @@ -0,0 +1,10 @@ +import { Component } from '@angular/core'; + +@Component({ + selector: 'app-userday', + templateUrl: './userday.component.html', + styleUrls: ['./userday.component.css'], +}) +export class UserdayComponent { + constructor() {} +} diff --git a/src/assets/Markdown Files/userday.md b/src/assets/Markdown Files/userday.md new file mode 100644 index 000000000..5f2558e74 --- /dev/null +++ b/src/assets/Markdown Files/userday.md 
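Review bot: `TestBed.configureTestingModule` declares only `UserdayComponent`, so any child element the template uses is unknown to the test module; the template is not readable on this page, but the agenda lives in `userday.md` and is presumably rendered by another component. Depending on the Angular version this either fails the `should create` test or only logs an unknown-element error, so declare a stub for the child or add `schemas: [NO_ERRORS_SCHEMA]`. As shown, `let fixture: ComponentFixture;` also lacks its type argument; if that is not a rendering artifact of this page, it should read `let fixture: ComponentFixture<UserdayComponent>;`.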
@@ -0,0 +1,31 @@ +## Description + +The OWASP DSOMM team is happy to announce its upcoming User Day on Wednesday, September 25th 2024. It is part of the OWASP AppSec San Francisco. + +## Location +Hyatt Regency San Francisco +Address: 5 Embarcadero Center San Francisco, CA 94111 United States +Room: To be announced. + +## Agenda + +| Time | Title | Speaker | +|-------|-------------------------------------------------------|---------------------| +| 9:00 | Welcome | Timo Pagel | +| 9:05 | Key Steps to Achieving an Application Security Program | Timo Pagel | +| 10:00 | Workshop? | Jannik H | +| 10:00 | XXX | Chris K | +| 12:00 | Lunch Break | / | +| 13:30 | Utilizing DSOMM app to define your own program | Timo Pagel | +| 14:00 | Workshop: Build your own program | Francesco Cipollone | +| 16:00 | Wrap Up | Timo Pagel | + + +### Talk Descriptions +#### Key Steps to Achieving an Application Security Program +This talk outlines a practical approach to building and optimizing application security (AppSec) programs for organizations of all sizes. +While briefly touching on foundational elements, the presentation focuses on developing and implementing a custom organizational maturity model that resonates with development and operations teams. Moving beyond traditional frameworks, attendees will learn to design tailored models that account for diverse operating environments. The talk provides strategies for avoiding common pitfalls, implementing effective metrics, and creating a scalable AppSec approach adaptable to an organization’s evolving needs. Through actionable advice and real-world examples, participants will gain insights applicable to both new and existing AppSec programs. + +#### Workshop secureCodeBox? + +#### Workshop: Build your own program diff --git a/src/styles.css b/src/styles.css index 7e7239a2e..96548d662 100644 --- a/src/styles.css +++ b/src/styles.css 
@@ -2,3 +2,4 @@ html, body { height: 100%; } body { margin: 0; font-family: Roboto, "Helvetica Neue", sans-serif; } + From 103efe3973917296d425508b3d658acca68c32d2 Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Mon, 29 Jul 2024 12:21:32 +0200 Subject: [PATCH 2/4] iadjust --- src/assets/Markdown Files/userday.md | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src/assets/Markdown Files/userday.md b/src/assets/Markdown Files/userday.md index 5f2558e74..a9daf20fd 100644 --- a/src/assets/Markdown Files/userday.md +++ b/src/assets/Markdown Files/userday.md @@ -11,14 +11,15 @@ Room: To be announced. | Time | Title | Speaker | |-------|-------------------------------------------------------|---------------------| -| 9:00 | Welcome | Timo Pagel | -| 9:05 | Key Steps to Achieving an Application Security Program | Timo Pagel | -| 10:00 | Workshop? | Jannik H | -| 10:00 | XXX | Chris K | +| 09:00 | Welcome | Timo Pagel | +| 09:05 | Key Steps to Achieving an Application Security Program | Timo Pagel | +| 10:00 | Workshop? | Jannik H | | 12:00 | Lunch Break | / | +| 13:00 | Talk? | Chris K | | 13:30 | Utilizing DSOMM app to define your own program | Timo Pagel | -| 14:00 | Workshop: Build your own program | Francesco Cipollone | -| 16:00 | Wrap Up | Timo Pagel | +| 14:00 | Lunch Break | / | +| 14:15 | Workshop: Build your own program | Francesco Cipollone | +| 16:15 | Wrap Up | Timo Pagel | ### Talk Descriptions 
@@ -28,4 +29,10 @@ While briefly touching on foundational elements, the presentation focuses on dev #### Workshop secureCodeBox? -#### Workshop: Build your own program +#### Workshop Application and Vulnerability maturity Model (VMM)- DSOMM Map +Organizations face an ever-increasing risk of cyberattacks and data breaches. Vulnerabilities are getting discovered faster than ever, with a 34% Year-over-Year increase of vulnerability discovery. Vulnerabilities are often tackled as they come from security scanners, leading to burnout of security professionals, with 50% of security engineers considering changing their profession entirely. This workshop explores the vulnerability management process that applies to application, cloud, and infrastructure security. + +To mitigate these risks, vulnerability management and triage have become essential components of an effective cybersecurity program. Vulnerability triage, in particular, plays a critical role in identifying, prioritizing, and remediating vulnerabilities to minimize the organization’s attack surface across applications, cloud and infrastructure. However, the process of vulnerability triage is not a one-size-fits-all approach and requires a maturity model that reflects the organization’s current state of readiness. In this workshop, you will explore the evolution of vulnerability management and triage process maturity and how organizations can enhance their capabilities to manage and mitigate cybersecurity risks effectively. + +Why we created the vulnerability management process? We created the vulnerability maturity model to provide a quick and easy assessment method to define where you are in the vulnerability assessment process from triage. +The VMM is mapped back to both SAMM, and DSOMM. From 372bc4f81f6d9d3acec5cd9f7c0e89d289a658cf Mon Sep 17 00:00:00 2001 
From: Timo Pagel Date: Tue, 30 Jul 2024 11:15:32 +0200 Subject: [PATCH 3/4] add userday --- src/assets/Markdown Files/userday.md | 42 ++++++++++++++++++---------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/src/assets/Markdown Files/userday.md b/src/assets/Markdown Files/userday.md index 5f2558e74..8414c1b8a 100644 --- a/src/assets/Markdown Files/userday.md +++ b/src/assets/Markdown Files/userday.md @@ -7,19 +7,18 @@ Hyatt Regency San Francisco Address: 5 Embarcadero Center San Francisco, CA 94111 United States Room: To be announced. -## Agenda - -| Time | Title | Speaker | -|-------|-------------------------------------------------------|---------------------| -| 9:00 | Welcome | Timo Pagel | -| 9:05 | Key Steps to Achieving an Application Security Program | Timo Pagel | -| 10:00 | Workshop? | Jannik H | -| 10:00 | XXX | Chris K | -| 12:00 | Lunch Break | / | -| 13:30 | Utilizing DSOMM app to define your own program | Timo Pagel | -| 14:00 | Workshop: Build your own program | Francesco Cipollone | -| 16:00 | Wrap Up | Timo Pagel | - +## Agenda (DRAFT) +Please expect changes in the timeline. + +| Time | Title | Speaker | +|-------|--------------------------------------------------------------------------|---------------------| +| 9:00 | Welcome | Timo Pagel | +| 9:05 | Key Steps to Achieving an Application Security Program | Timo Pagel | +| 10:00 | Reach your Dynamic Depth with OWASP secureCodeBox | Jannik Hollenbach | +| 12:00 | Lunch Break | / | +| 13:30 | Workshop: Utilizing DSOMM app to define your own program | Timo Pagel | +| 14:00 | Workshop: Application and Vulnerability maturity Model (VMM) - DSOMM Map | Francesco Cipollone | +| 16:00 | Wrap Up | Timo Pagel | ### Talk Descriptions #### Key Steps to Achieving an Application Security Program 
@@ -28,4 +27,19 @@ While briefly touching on foundational elements, the presentation focuses on dev #### Workshop secureCodeBox? -#### Workshop: Build your own program +#### Workshop: Utilizing DSOMM app to define your own program +Get to know the DSOMM application and how to customize it to distribute your AppSec Program as a maturity model. + +Requirements: +- Docker + +Linux is recommended. + +#### Workshop: Application and Vulnerability maturity Model (VMM) - DSOMM Map +Organizations face an ever-increasing risk of cyberattacks and data breaches. Vulnerabilities are getting discovered faster than ever, with a 34% YoY increase of vulnerability discovery. Vulnerabilities are often tackled as they come from security scanners, leading to burnout of security professionals, with 50% of security engineers considering changing their profession entirely. This workshop explores the vulnerability management process that applies to application, cloud, and infrastructure security. + +To mitigate these risks, vulnerability management and triage have become essential components of an effective cybersecurity program. Vulnerability triage, in particular, plays a critical role in identifying, prioritizing, and remediating vulnerabilities to minimize the organization's attack surface across applications, cloud and infrastructure. However, the process of vulnerability triage is not a one-size-fits-all approach and requires a maturity model that reflects the organization's current state of readiness. In this workshop, you will explore the evolution of vulnerability management and triage process maturity and how organizations can enhance their capabilities to manage and mitigate cybersecurity risks effectively. + +Why we created the vulnerability management process? +We created the vulnerability maturity model to provide a quick and easy assessment method to define where you are in the vulnerability assessment process from triage. +The VMM is mapped back to both SAMM, and DSOMM. 
From ea5765ec184b58189f98c3f65d9e6343597be11f Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Tue, 30 Jul 2024 11:18:07 +0200 Subject: [PATCH 4/4] add hints to changes --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 3f758afaa..ec9d7c00c 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,11 @@ You can switch on to show open TODO's for evidence by changing IS_SHOW_EVIDENCE_ This page uses the Browser's localStorage to store the state of the circular headmap. +# Changes +Changes to the application are displayed at the release page of [DevSecOps-MaturityModel](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/releases). + +Changes to the maturity model content are displayed at the release page of [DevSecOps-MaturityModel-data](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/releases). + # Community Join #dsomm in [OWASP Slack](https://owasp.slack.com/join/shared_invite/zt-g398htpy-AZ40HOM1WUOZguJKbblqkw#/). Create issues or even better Pull Requests in [github](https://github.com/wurstbrot/DevSecOps-MaturityModel/).