The OWASP ASVS 4.0 testing guide is an unofficial supporting document to the OWASP Application Security Verification Standard which attempts to describe each level 1 control, what are the consequences of not being compliant with it, how to test it - with known open source tools or manually - and the criteria for the control to be valid. Additionally, to several controls there have been developed scripts using bash or OWASP ZAP scripting engine to automate the check of said controls. The "ZAP-scripts" folder includes a guide on how to get started with ZAP scripts.
The aim of this project is to assist companies and organizations with getting started with using OWASP ASVS.
Find more about the project in an article on ZAProxy's website: Automate checking ASVS controls using ZAP scripts
PDF version of OWASP ASVS 4.0 testing guide
Check out CONTRIBUTING.md
