OWASP Application Security Verification Standard (ASVS) - Revision history

Sbarnum at 14:59, 23 March 2009

2009-03-23T14:59:34Z

Sbarnum at 15:58, 13 March 2009

2009-03-13T15:58:30Z

Sbarnum at 15:58, 13 March 2009

2009-03-13T15:58:16Z

Wichers: /* The Speaker: Dave Wichers */

2009-03-12T22:35:07Z

‎The Speaker: Dave Wichers

Sbarnum: New page: ==The Presentation: "OWASP Application Security Verification Standard (ASVS)"== Providers of web application security verification services can take wildly different approaches and levels...

2009-02-25T06:20:31Z

New page: ==The Presentation: "OWASP Application Security Verification Standard (ASVS)"== Providers of web application security verification services can take wildly different approaches and levels...

New page

==The Presentation: "OWASP Application Security Verification Standard (ASVS)"==

Providers of web application security verification services can take wildly different approaches and levels of rigor, ranging from using simple search tools to performing painstaking code review and manual testing. This process also typically involves searching for and only reporting vulnerabilities, but does not necessarily comment on what good security practices were found.
All of these problems have a single root cause: the lack of a standard for performing application-level security verification that can be used for any application without special interpretation. The OWASP Application Security Verification Standard (ASVS) was designed to normalize the range in coverage, level of rigor, and reporting requirements available in the market when it comes to performing application security verification.
By the end of this presentation, you will understand how OWASP ASVS defines:
* Levels of application-level security verification that increase in breadth and depth as one moves up the levels,
* Verification requirements that prescribe a unique white-list approach for security controls,
* Reporting requirements that ensure reports are sufficiently detailed to make verification repeatable, and to determine if the verification was accurate and complete.

==The Speaker: Dave Wichers==
Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. For OWASP, he is the volunteer OWASP Conferences Chair, a volunteer member of the OWASP Board, a coauthor of the OWASP Top 10 and the OWASP ASVS, and a contributor to the OWASP Enterprise Security API (ESAPI) project.

[[OWASP_Software_Assurance_Day_DC_2009#Agenda and Presentations:_13_March_2009|back to Presentation Agenda]]

@@ Line 8: / Line 8: @@
 * Reporting requirements that ensure reports are sufficiently detailed to make verification repeatable, and to determine if the verification was accurate and complete.
-Download: [[Media:About_OWASP_ASVS_Web_Edition.pdf‎ ‎| About OWASP ASVS Web Edition.pdf‎]]
+Download: [[Media:Wichers_-_About_OWASP_ASVS_Web_Edition_v2.pdf‎ ‎| About OWASP ASVS Web Edition.pdf‎]]
 ==The Speaker: Dave Wichers==

@@ Line 8: / Line 8: @@
 * Reporting requirements that ensure reports are sufficiently detailed to make verification repeatable, and to determine if the verification was accurate and complete.
-Download: [[Media:About_OWASP_ASVS_Web_Edition.pdf‎ ‎| About OWASP ASVS Web Edition.pdf‎ .ppt]]
+Download: [[Media:About_OWASP_ASVS_Web_Edition.pdf‎ ‎| About OWASP ASVS Web Edition.pdf‎]]
 ==The Speaker: Dave Wichers==

← Older revision		Revision as of 15:58, 13 March 2009
Line 8:		Line 8:
	* Reporting requirements that ensure reports are sufficiently detailed to make verification repeatable, and to determine if the verification was accurate and complete.		* Reporting requirements that ensure reports are sufficiently detailed to make verification repeatable, and to determine if the verification was accurate and complete.

		+	Download: [[Media:About_OWASP_ASVS_Web_Edition.pdf‎ ‎\| About OWASP ASVS Web Edition.pdf‎ .ppt]]

	==The Speaker: Dave Wichers==		==The Speaker: Dave Wichers==

@@ Line 10: / Line 10: @@
 ==The Speaker: Dave Wichers==
-Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. For OWASP, he is the volunteer  OWASP Conferences Chair, a volunteer member of the OWASP Board, a coauthor of the  OWASP Top 10 and the  OWASP ASVS, and a contributor to the  OWASP Enterprise Security API (ESAPI) project.
+Dave Wichers is a cofounder and the Chief Operating Officer (COO) of [http://www.aspectsecurity.com Aspect Security], a company that specializes in application security services. For OWASP, he is the volunteer [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair, a volunteer member of the [[About_OWASP#Global_Board_Members|OWASP Board]], a coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]] and the [[ASVS | OWASP Application Security Verification Standard]], and a contributor to the [[ESAPI | OWASP Enterprise Security API (ESAPI)]] project.
 [[OWASP_Software_Assurance_Day_DC_2009#Agenda and Presentations:_13_March_2009|back to Presentation Agenda]]