https://wiki.owasp.org/index.php?action=history&feed=atom&title=Definition_for_Security_Assessment_Levels 2026-05-16T10:01:10Z Revision history for this page on the wiki MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=Definition_for_Security_Assessment_Levels&diff=219747&oldid=prev 2016-07-30T21:52:35Z

<p></p> <table class="diff diff-contentalign-left" data-mw="interface"> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;' lang='en'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 21:52, 30 July 2016</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">{{taggedDocument</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">| type=historical</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">| link=:Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2013</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">}}</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Overview==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Overview==</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> </table>

Johanna Curiel https://wiki.owasp.org/index.php?title=Definition_for_Security_Assessment_Levels&diff=9706&oldid=prev 2006-09-15T18:05:59Z

<p></p> <table class="diff diff-contentalign-left" data-mw="interface"> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;' lang='en'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 18:05, 15 September 2006</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l3" >Line 3:</td> <td colspan="2" class="diff-lineno">Line 3:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This article’s focus is to define, where practical, nomenclature and definitions of the differing security '''Assessment Levels'''.&#160; These levels rely on the '''Assessment Techniques''' defined elsewhere within this project.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This article’s focus is to define, where practical, nomenclature and definitions of the differing security '''Assessment Levels'''.&#160; These levels rely on the '''Assessment Techniques''' defined elsewhere within this project.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==<del class="diffchange diffchange-inline">Techniques</del>==</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==<ins class="diffchange diffchange-inline">Levels</ins>==</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''Note this is a working draft for discussion purposes and should not be relied upon. There is no guarantee that these levels will be used or will be stable for any purpose'''</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''Note this is a working draft for discussion purposes and should not be relied upon. There is no guarantee that these levels will be used or will be stable for any purpose'''</div></td></tr> </table>

Jeff Williams https://wiki.owasp.org/index.php?title=Definition_for_Security_Assessment_Levels&diff=9703&oldid=prev 2006-09-15T03:19:17Z

<p></p> <p><b>New page</b></p><div>==Overview==<br /> <br /> This article’s focus is to define, where practical, nomenclature and definitions of the differing security '''Assessment Levels'''. These levels rely on the '''Assessment Techniques''' defined elsewhere within this project.<br /> <br /> ==Techniques==<br /> <br /> '''Note this is a working draft for discussion purposes and should not be relied upon. There is no guarantee that these levels will be used or will be stable for any purpose'''<br /> <br /> The goal is to advance the levels in two dimensions, breadth and depth. Breadth is the coverage of the review across the space of security mechanisms and security vulnerabilities. Depth is the level of rigor applied to the analysis of the application.<br /> <br /> The following assessment levels are proposed:<br /> <br /> * AL1: Partial Application Security Check<br /> * AL2: Basic Application Security Check<br /> * AL3: Standard Application Security Verification<br /> * AL4: Enhanced Application Security Verification<br /> * AL5: Comprehensive Application Security Verification<br /> <br /> <br /> ==AL1: Partial Application Security Check==<br /> <br /> Automated scans (either external vulnerability scan or code scan or both) with minimal interpretation and verification.<br /> <br /> ==AL2: Basic Application Security Check==<br /> <br /> AL1 + verification of scan results using manual penetration testing and code review. Security areas not scanned (encryption, access control, etc...) must be lightly tested or code reviewed.<br /> <br /> ==AL3: Standard Application Security Verification==<br /> <br /> AL2 + verification of common security mechanisms and common vulnerabilities using either manual pentesting or code review or both. Not all instances of problems found. Sampling allowed.<br /> <br /> ==AL4: Enhanced Application Security Verification==<br /> <br /> AL3 + verification of all security mechanisms and vulnerabilities based on high level threat model (part of assessment if not provided) using either manual pentest or code review or both.<br /> <br /> ==AL5: Comprehensive Application Security Verification==<br /> <br /> AL4 + search for malicious code. All code must be manually reviewed against a standard and all security mechanisms tested.<br /> <br /> [[Category:OWASP Application Security Assessment Standards Project]]<br /> <br /> {{Template:Stub}}</div>

Jeff Williams