The OWASP Application Security Verification Standard (ASVS) is a comprehensive framework aimed at establishing security requirements for web applications and services.
ASVS is organized into three verification levels, each increasing in depth and complexity:
- Level 1: Basic security controls applicable to all software.
- Level 2: Enhanced controls for applications handling sensitive data, requiring a higher level of trust.
- Level 3: Comprehensive security controls for applications that require the highest assurance level, typically involving critical data or high-risk environments.
The ASVS consists of 14 chapters, each focusing on specific aspects of application security. Here are some key areas included in the checklist:
- Authentication: Ensures secure user authentication processes.
- Access Control: Verifies that users have appropriate permissions and that unauthorized access is prevented.
- Data Protection: Focuses on securing sensitive data both at rest and in transit.
- API Security: Addresses security measures specific to application programming interfaces.
- Configuration Hardening: Ensures that applications are securely configured to minimize vulnerabilities.
- Threat Modeling: Guides the identification and mitigation of potential threats during the development process.
- This checklist is compatible with ASVS version 4.0.3.
- You can display a summary graph on the project by downloading asvs_checklist.xlsx.
- Use DefectDojo to make ASVS systematic, with updates on every project. We can use the DefectDojo benchmark for checking ASVS.
OWASP Application Security Verification Standard 4.0.1 Persian PDF