OWASP SAMM

Summary

OWASP Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The version used in this section is OWASP SAMM v1.0.

Definitions

Definition | Requirements

SA. Security Architecture
    048. Components with minimal dependencies
    062. Define standard configurations
    161. Define secure default options
    262. Verify third-party components
    266. Disable insecure functionalities
    348. Use consistent encoding

ST. Security Testing
    154. Eliminate backdoors
    155. Application free of malicious code
    156. Source code without sensitive information
    157. Use the strict mode
    158. Use a secure programming language
    159. Obfuscate code
    162. Avoid duplicate code
    164. Use optimized structures
    168. Initialize variables explicitly
    171. Remove commented-out code
    344. Avoid dynamic code execution
    345. Establish protections against overflows

OM. Operational Management
    075. Record exceptional events in logs
    091. Use internally signed certificates
    092. Use externally signed certificates
    154. Eliminate backdoors
    178. Use digital signatures
    266. Disable insecure functionalities
    338. Implement perfect forward secrecy
    353. Schedule firmware updates
    378. Use of log management system