The Application Security Verification Standard is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, tool vendors, and consumers to define, build, test and verify secure applications.
Version 4.0.3, October 2021
Copyright © 2008-2021 The OWASP Foundation. This document is released under the Creative Commons Attribution ShareAlike 3.0 license. For any reuse or distribution, you must make clear to others the license terms of this work.
| Andrew van der Stock | Daniel Cuthbert | Jim Manico |
| Josh C Grossman | Elar Lang |
| Abhay Bhargav | Benedikt Bauer | Osama Elnaggar |
| Ralph Andalis | Ron Perris | Sjoerd Langkemper |
| Tonimir Kisasondi |
| Aaron Guzman | Alina Vasiljeva | Andreas Kurtz | Anthony Weems | Barbara Schachner |
| Christian Heinrich | Christopher Loessl | Clément Notin | Dan Cornell | Daniël Geerts |
| David Clarke | David Johansson | David Quisenberry | Elie Saad | Erlend Oftedal |
| Fatih Ersinadim | Filip van Laenen | Geoff Baskwill | Glenn ten Cate | Grant Ongers |
| hello7s | Isaac Lewis | Jacob Salassi | James Sulinski | Jason Axley |
| Jason Morrow | Javier Dominguez | Jet Anderson | jeurgen | Jim Newman |
| Jonathan Schnittger | Joseph Kerby | Kelby Ludwig | Lars Haulin | Lewis Ardern |
| Liam Smit | lyz-code | Marc Aubry | Marco Schnüriger | Mark Burnett |
| Philippe De Ryck | Ravi Balla | Rick Mitchell | Riotaro Okada | Robin Wood |
| Rogan Dawes | Ryan Goltry | Sajjad Pourali | Serg Belkommen | Siim Puustusmaa |
| Ståle Pettersen | Stuart Gunter | Tal Argoni | Tim Hemel | Tomasz Wrobel |
| Vincent De Schutter | Mike Jang |
If a credit is missing from the 4.0.3 credit list above, please log a ticket at GitHub to be recognized in future updates.
The Application Security Verification Standard is built upon the shoulders of those involved from ASVS 1.0 in 2008 to 3.0 in 2016. Much of the structure and verification items that are still in the ASVS today were originally written by Mike Boberski, Jeff Williams and Dave Wichers, but there are many more contributors. Thank you to all those previously involved. For a comprehensive list of all those who have contributed to earlier versions, please consult each prior version.