The OWASP Application Security Verification Standard (ASVS) is a framework for organizations to define, design, and measure the security of web applications. It provides a comprehensive checklist of security requirements and serves as a standard for verifying the security controls of an application.
The current version of ASVS is 4.0.3 and will be updated once 5.0 is released.
- Making apps safe by following good security rules.
- Checking if apps are safe through testing.
- Helping teams learn how to keep their apps secure.
It has 3 levels for how secure an app needs to be:
- Level 1 (Basic Security): For simple apps with no sensitive stuff.
- Level 2 (Standard Security): For apps with more risks, like an online store.
- Level 3 (High Security): For apps that need to be super secure, like a banking app.
And it has different categories like:
- Login security: Making sure passwords and logins are safe.
- Who can do what: Controlling what users can see or change.
- No bad inputs: Blocking hackers from breaking the app by sending bad data.
- Encryption: Scrambling sensitive info so hackers can’t read it.
- Error messages: Making sure errors don’t give hackers clues.
- To give a visual checklist for testing the three different levels.
- To make the OWASP ASVS easier to understand and display.
- Color guides for levels 1 through 3.
- Added NIST scores and Common Weakness Enumeration (CWE) scores where available.
- Collapsible trees to open or close information.
- Quick searching with Ctrl+F.
- Easy-to-navigate interface with dragging and scrolling.
- Download the .xmind file and add your own notes and branches.
- Edit anything to your liking!