Software quality and application security base on the AGILISO software development process and the OWASP standard

Globalization has driven all industrial sectors towards the modernization of obtaining, storing and accessing information in the support, mission and strategic processes, modernization that have started to become practically mandatory and immediate after the world pandemic declaration, which forced these processes to be carried out virtually since governments decreed confinements to the entire population; this unexpected circumstance leads to the imperative need to improve both software development practices and security testing of the applications that support the business operation. In this context, those responsible for internal control and information systems auditing departments must generate permanent evaluations of both software development processes and application security, ensuring compliance with international standards ISO/IEC 27001 and ISO/IEC 29110, verifying that the business logic is adequately supported by the organizations' own or outsourced developments. This is a proposal to evaluate software quality based on the AGILISO software development process and application security based on the OWASP application security verification standard, strengthening and optimizing the auditing activity by internal control, auditors and information systems consultants, allowing the timely proposal of action plans that seek to correct the deviations detected.