diff --git a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md index e38da3d57..c97bdebf2 100644 --- a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md +++ b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md @@ -3,62 +3,9 @@ Attackers can potentially use many different paths through your application to d ![Calculation diagram](../assets/2025-algorithm-diagram.png) - - - - - - - - - - - - - - - - - -
- Threat Agents - - Attack \ -Vectors - - Exploitability - - Likelihood of Missing Security -

- - Controls -

- Technical -

- - Impacts -

- Business -

- - Impacts -

- By environment, \ -dynamic by situation picture - - By Application exposure (by environment) - - Avg Weighted Exploit - - Missing Controls \ -by average Incidence rate \ -Weighed by coverage - - Avg Weighted Impact - - By Business -
- +| Threat Agents | Attack Vectors | Exploitability | Likelihood of Missing Security Controls | Technical Impacts | Business Impacts | +| --- | --- | --- | --- | --- | --- | +| Varies by environment and context | Based on application exposure | Average weighted exploitability | Weighted by incidence rate and control coverage | Average weighted impact | Based on business impact | In our Risk Rating we have taken into account the universal parameters of exploitability, average likelihood of missing security controls for a weakness and its technical impacts. diff --git a/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md b/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md index 11f75e0e6..c7d3a5758 100644 --- a/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md +++ b/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md @@ -42,7 +42,7 @@ If you are starting a program from scratch, or you find OWASP SAMM or DSOMM ‘t * Review your current system development life cycle and all software security activities, tooling, policies, and processes, then document them. -* For new software, add one or more security activities to each phase of the system development life cycle (SDLC). Below we offer many suggestions of what you can do below. Ensure you perform these new activities on every new project or software initiative, this way you will know each new piece of software will be delivered at an acceptable security posture for your organizations. +* For new software, add one or more security activities to each phase of the system development life cycle (SDLC). Below we offer many suggestions of what you can do. Ensure you perform these new activities on every new project or software initiative, this way you will know each new piece of software will be delivered at an acceptable security posture for your organizations. * Select your activities to ensure your final product meets an acceptable level of risk for your organization.