Skip to content
This repository has been archived by the owner on Apr 9, 2024. It is now read-only.
/ ASVS Public archive
forked from OWASP/ASVS

Application Security Verification Standard

Notifications You must be signed in to change notification settings

praetorian-inc/ASVS

 
 

Repository files navigation

OWASP Application Security Verification Standard

The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard.

The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS)and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications.

The latest published version is version 3.0.1, which can be found:

The next version is going to be version 3.1, which can be found above in Word, JSON, and Excel formats. This is due for release at AppSec EU in May 2017.

The requirements were developed with the following objectives in mind:

  • Use as a metric - Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications,
  • Use as guidance - Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and
  • Use during procurement - Provide a basis for specifying application security verification requirements in contracts

About

Application Security Verification Standard

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • XSLT 100.0%