Category:OWASP Application Security Verification Standard Project
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:
Did you know...
A broad range of companies and agencies around the globe have added ASVS to their software assurance tool boxes, including Aspect Security, Astyran, Booz Allen Hamilton, Casaba Security, CGI Federal, Denim Group, Etebaran Informatics, Minded Security, Nixu, ps_testware, Proactive Risk, Quince Associates Limited (SeeMyData), Serviço Federal de Processamento de Dados (SERPRO), Universidad Distrital Francisco José de Caldas Organizations listed are not accredited by OWASP. Neither their products or services have been endorsed by OWASP. Use of ASVS may include for example providing verification services using the standard. Use of ASVS may also include for example performing internal evaluation of products with the OWASP ASVS in mind, and NOT making any claims of meeting any given level in the standard. Please let us know how your organization is using OWASP ASVS. Include your name, organization's name, and brief description of how you use the standard. The project lead can be reached here.
Let's talk here
Further development of ASVS occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please contact us.
Got translation cycles?
The ASVS project is always on the lookout for volunteers who are interested in translating ASVS into another language.
What is this?
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls.
News and Events
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?
Pages in category "OWASP Application Security Verification Standard Project"
The following 22 pages are in this category, out of 22 total.
- How to bootstrap the NIST risk management framework with verification activities
- How to bootstrap your SDLC with verification activities
- How to create verification project schedules
- How to meet verification reporting requirements
- How to perform a security architecture review at Level 1
- How to perform a security architecture review at Level 2
- How to specify verification requirements in contracts
- How to write verifier job requisitions