Category:OWASP Application Security Verification Standard Project

FAQ
More About OWASP ASVS Related projects
 * Getting Started Using ASVS (PDF)
 * Project Presentation (PowerPoint)
 * Executive-Level Presentation (PowerPoint)
 * Presentation Abstract (Word)
 * One Page Datasheet (PDF, Word)
 * Articles (More About ASVS and Using It)


 * OWASP Top Ten
 * OWASP Legal Project
 * OWASP ESAPI

Did You Know...


 * Businesses are under no obligation to seek inclusion in any sort of a registry or a program in order to perform application security verifications according to OWASP ASVS. Download the latest version and start using ASVS today!
 * More complex applications typically take more time to analyze resulting in longer and more costly verifications. Lines of code are not the only factors that determine the complexity of an application – different technologies will typically require different amounts of analysis.
 * Simple applications may include for example libraries and frameworks. Applications of moderate complexity may include simple Web 1.0 applications. Complex applications may include Web 2.0 applications and new/unique Web technologies.
 * One way to introduce verification as an activity into your SDLC is depicted in the figure below:



Download
Web Application Standard

Download ASVS now, for free, here.

Other Versions
 * Web Application Verification Standard 2008 (Release Version) (Word)

Earlier Versions
 * Web Application Verification Standard 2008 (Beta Version) (PDF, Word)
 * Web Application Verification Standard 2008 (Alpha Version) (PDF, Word)

News
Project News


 * 06/03/2009 - OWASP ASVS Release Version published! Mike Boberski, Jeff Williams, and Dave Wichers are the primary authors.


 * 05/15/2009 - OWASP ASVS users and adopters list updated to include Denim Group


 * 05/13/2009 - OWASP ASVS is presented by Dave Wichers at OWASP AppSec Europe 2009 - Poland.


 * 05/04/2009 - OWASP ASVS users and adopters list updated to include Casaba Security


 * 04/09/2009 - OWASP ASVS is the subject of an opinion piece by Mike Boberski in SC Magazine on the need for a web app standard


 * 04/08/2009 - OWASP ASVS users and adopters list updated to include ps_testware.


 * 04/06/2009 - OWASP ASVS users and adopters list updated to include Federal Deposit Insurance Corporation (FDIC).


 * 03/13/2009 - OWASP ASVS is presented by Dave Wichers at OWASP Software Assurance Day DC 2009 in conjunction with the Software Assurance Forum sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.


 * 02/25/2009 – OWASP ASVS proposed updates based on pilots being considered.


 * 01/22/2009 - OWASP ASVS has been integrated into the OWASP Secure Software Contract Annex in the OWASP Legal Project.


 * 01/08/2009 - OWASP ASVS is presented by Mike Boberski at the OWASP Washington VA Local Chapter meeting.


 * 12/29/2008 - OWASP ASVS is the subject of an article by DarkReading.


 * 12/08/2008 - OWASP ASVS Final assistance required! Please join the mailing list for more information and assignments.


 * 12/05/2008 - OWASP ASVS exits the Summer of Code 2008! The Beta draft of the Web Application Edition is released! Mike Boberski, Jeff Williams, and Dave Wichers are the primary authors.


 * 11/03/2008 - OWASP ASVS is presented by Jeff Williams at OWASP EU Summit 2008.


 * 10/03/2008 - OWASP ASVS Alpha draft is released! Mike Boberski is the primary author.


 * 04/16/2008 - OWASP ASVS Summer of Code 2008 proposal submitted by Mike Boberski wins!

Users/Contributors
This project licensed under the Creative Commons Attribution ShareAlike 3.0.

= Articles Below - More About ASVS and Using It =