OWASP SAMM Assessments

The OWASP Software Assurance Maturity Model (SAMM) provides guidance for improving an organization's software security posture across the entire software development life cycle. It defines five business functions:

  1. Governance

  2. Design

  3. Implementation

  4. Verification

  5. Operations

Each business function comprises three security practices, each a group of security-related activities that build assurance for that business function.

Within a security practice, activities are grouped into logical flows and divided into two streams. Each stream covers a different aspect of the practice and has its own objective, aligning and linking the practice's activities across the maturity levels.

Our OWASP SAMM assessments map your organization's current software security activities to SAMM. We provide maturity ratings for each security practice, identifying strengths to leverage and gaps to improve. Regular OWASP SAMM assessments enable an application security program to incrementally evolve and enhance security practices in a structured way.

As opposed to point-in-time audits, our assessments take a continuous improvement approach. With periodic OWASP SAMM reviews and iterations, organizations can steadily advance their application security maturity, achieve compliance, and reduce software risk - the end goal being to fully embed security within the software development life cycle.

The SAMM model at a glance (five business functions, each with three security practices; every practice is organized into two streams, labeled A and B):

  Governance: Strategy & Metrics; Policy & Standards; Training & Awareness

  Design: Threat Assessment; Security Requirements; Secure Architecture

  Implementation: Secure Build; Secure Deployment; Defect Management

  Verification: Architecture Validation; Requirements-driven Testing; Security Testing

  Operations: Incident Management; Environment Management; Operational Management
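To make the roll-up from streams to practices to business functions concrete, here is an added Python example; it is not code from Conquest Security, OWASP, or Codific. It assumes each stream is rated at a maturity level from 0 to 3, that a practice rating is the average of its two streams, and that a business-function rating is the average of its three practices; the ratings in the sample are constructed for illustration.

```python
"""Roll up SAMM maturity ratings from streams to practices to business functions.

Added example, not Conquest Security's, OWASP's or Codific's code. The model
structure (5 business functions x 3 practices x 2 streams) follows the page;
the 0-3 level scale, the averaging roll-up and the sample ratings are assumptions.
"""

# Business function -> its three security practices (names as listed on the page).
SAMM_MODEL = {
    "Governance": ["Strategy & Metrics", "Policy & Standards", "Training & Awareness"],
    "Design": ["Threat Assessment", "Security Requirements", "Secure Architecture"],
    "Implementation": ["Secure Build", "Secure Deployment", "Defect Management"],
    "Verification": ["Architecture Validation", "Requirements-driven Testing", "Security Testing"],
    "Operations": ["Incident Management", "Environment Management", "Operational Management"],
}
STREAMS = ("A", "B")
MAX_LEVEL = 3  # assumed maturity scale: 0 (nothing in place) to 3

# Constructed sample: (practice, stream) -> assessed maturity level.
SAMPLE_RATINGS = {
    ("Strategy & Metrics", "A"): 1, ("Strategy & Metrics", "B"): 1,
    ("Policy & Standards", "A"): 2, ("Policy & Standards", "B"): 1,
    ("Training & Awareness", "A"): 1, ("Training & Awareness", "B"): 0,
    ("Threat Assessment", "A"): 1, ("Threat Assessment", "B"): 2,
    ("Security Requirements", "A"): 2, ("Security Requirements", "B"): 2,
    ("Secure Architecture", "A"): 1, ("Secure Architecture", "B"): 1,
    ("Secure Build", "A"): 3, ("Secure Build", "B"): 2,
    ("Secure Deployment", "A"): 2, ("Secure Deployment", "B"): 2,
    ("Defect Management", "A"): 1, ("Defect Management", "B"): 2,
    ("Architecture Validation", "A"): 0, ("Architecture Validation", "B"): 1,
    ("Requirements-driven Testing", "A"): 1, ("Requirements-driven Testing", "B"): 1,
    ("Security Testing", "A"): 2, ("Security Testing", "B"): 1,
    ("Incident Management", "A"): 2, ("Incident Management", "B"): 2,
    ("Environment Management", "A"): 1, ("Environment Management", "B"): 2,
    ("Operational Management", "A"): 1, ("Operational Management", "B"): 0,
}


def validate_ratings(ratings):
    """Every practice needs both streams rated, each within 0..MAX_LEVEL."""
    for practices in SAMM_MODEL.values():
        for practice in practices:
            for stream in STREAMS:
                level = ratings.get((practice, stream))
                if level is None:
                    raise ValueError(f"missing rating for {practice}, stream {stream}")
                if not 0 <= level <= MAX_LEVEL:
                    raise ValueError(f"{practice} stream {stream}: level {level} out of range")


def practice_scores(ratings):
    """Practice rating = average of its two stream levels (assumed roll-up)."""
    validate_ratings(ratings)
    return {
        practice: sum(ratings[(practice, s)] for s in STREAMS) / len(STREAMS)
        for practices in SAMM_MODEL.values()
        for practice in practices
    }


def function_scores(ratings):
    """Business-function rating = average of its three practice ratings."""
    per_practice = practice_scores(ratings)
    return {
        function: sum(per_practice[p] for p in practices) / len(practices)
        for function, practices in SAMM_MODEL.items()
    }


def overall_score(ratings):
    """Single program-wide figure: average over the five business functions."""
    per_function = function_scores(ratings)
    return sum(per_function.values()) / len(per_function)


def gaps(ratings, target_level):
    """Streams rated below the target, weakest first, for building a roadmap."""
    validate_ratings(ratings)
    below = [
        (practice, stream, ratings[(practice, stream)])
        for practices in SAMM_MODEL.values()
        for practice in practices
        for stream in STREAMS
        if ratings[(practice, stream)] < target_level
    ]
    return sorted(below, key=lambda item: (item[2], item[0], item[1]))


if __name__ == "__main__":
    for function, score in function_scores(SAMPLE_RATINGS).items():
        print(f"{function:15s} {score:.2f}")
    print(f"overall: {overall_score(SAMPLE_RATINGS):.2f}")
    for practice, stream, level in gaps(SAMPLE_RATINGS, target_level=1):
        print(f"gap: {practice} stream {stream} at level {level}")
```

Running it lists each business function's rating, the overall figure, and the streams still below the chosen target; the gap list is what a periodic reassessment would track from one iteration to the next.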

Why Choose Conquest Security?

Conquest Security is a trusted partner for organizations seeking to assess and improve their software security programs using the OWASP Software Assurance Maturity Model (SAMM).

As a Bronze Sponsor of OWASP SAMM, we are closely aligned with the model’s structure and objectives. Our assessments provide a clear view of your current maturity across the five SAMM business functions and 15 security practices, along with tailored, risk-based recommendations to support practical improvement.

We also partner with Codific, developers of the SAMMY platform, a secure, cloud-based solution that simplifies SAMM assessments, tracks capability maturity, and manages supporting documentation. SAMMY brings structure and efficiency to the entire process, making software assurance more measurable and actionable.

  • SAMM-aligned assessments led by experienced security advisors

  • Coverage across governance, design, implementation, verification, and operations

  • Risk-based roadmaps aligned with your development workflows

  • Supported by the SAMMY platform for streamlined assessment and tracking

  • Trusted by teams building secure software in regulated and high-trust environments

Ready to assess and improve your software security posture?

Request an OWASP SAMM Assessment from Conquest Security and get a clear view of your strengths, gaps, and maturity across the software development lifecycle.