User Interface for Evaluating and Improving Software Security - Establishing Design Guidelines for a Comprehensive OWASP SAMM Too

Abstract

The purpose of this project was to improve software security management by centralizing the Open Worldwide Application Security Projects Software Assurance Maturity Model (OWASP SAMM) assessment procedure. This was done by designing and implementing a user interface for SAMM which reduces complexity and improves the user experience. The thesis was done in collaboration with Decerno AB, a IT consulting firm which specializes in building tailored software systems. By integrating user-centered design principles and participatory design methodologies, the product named Salsa was developed. Salsa provides the entire SAMM process in one place making SAMM easier to work with. From careful evaluation of Salsa and the process a set of design guidelines for a comprehensive OWASP SAMM tool were established. This thesis contributes to the field by demonstrating how centralized and interactive tools can enhance the efficiency and effectiveness of software security management.