SAMMY UI is optimized for resolutions with a width 1024px and higher.
DSOMM
Browse DSOMM
O-EG-1-1: Ad-Hoc Security trainings for software developers
O-EG-1-2: Security consulting on request
O-EG-2-1: Each team has a security champion
O-EG-2-2: Regular security training for all
O-EG-2-3: Regular security training of security champions
O-EG-2-4: Reward of good communication
O-EG-2-5: Security code review
O-EG-3-1: Conduction of build-it, break-it, fix-it contests
O-EG-3-2: Security Coaching
O-EG-3-3: Security-Lessoned-Learned
O-EG-3-4: Simple mob hacking
O-EG-4-1: Aligning security in teams
O-EG-4-2: Conduction of collaborative team security checks
O-EG-4-3: Conduction of war games
O-EG-4-4: Regular security training for externals
O-EG-5-1: Conduction of collaborative security checks with developers and system administrators
Simple mob hacking
O-EG-3-4: Simple mob hacking
  • Participate with your whole team in a simple mob hacking session organized by the Security Champion Guild. In the session the guild presents a vulnerable application and together you look at possible exploits. Just like in mob programming there is one driver and several navigators.
Description
  • All exploits happen via the user interface. - No need for security/hacking tools. - No need for deep technical or security knowledge. - Use an insecure training app, e.g., DVWA or OWASP Juice Shop. - Encourage active participation, e.g., use small groups. - Allow enough time for everyone to run at least one exploit. - The team gets an idea of how exploits can look like and how easy applications can be attacked. - The team understands functional correct working software can be highly insecure and easy to exploit.