This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Application Security Verification Standard Project"

From OWASP

Jump to: navigation, search

Revision as of 18:51, 13 April 2009

About

OWASP Standards Initiatives

Application Security Verification Standards (ASVS)

Application Security Verification Standards are specifications produced by OWASP in cooperation with secure applications developers and verifiers worldwide for the purpose of accelerating the deployment of secure web applications. First published in 2008 as a result of an OWASP Summer of Code grant and meetings with a small group of early adopters, the ASVS documents have become widely referenced and implemented.

Further development of ASVS occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please contact us.

Application Security Verification Standards:

FAQ

This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.

More About OWASP ASVS

Project Presentation (PowerPoint)
Executive-Level Presentation (PowerPoint)
Presentation Abstract (Word)
One Page Datasheet (PDF, Word)
Articles (More About ASVS and Using It)

Related projects

Web Application Edition

ASVS #1: Web Application Verification Standard

This document defines four levels of application security verification for web applications. Each level includes a set of requirements for verifying the effectiveness of security controls that protect applications.

Beta Version

ASVS #1 v2008: Web Application Verification Standard Word, PDF

Alpha Version

ASVS #1 v2008: Web Application Verification Standard PDF, Word

Web Service Edition

Web Service Edition of ASVS - First release is under development

Details will be filled in as work progresses. Volunteers wanted!
Contact Mike Boberski for further details.

Cloud Computing Edition

Cloud Computing Edition of ASVS - Under consideration

Contact Mike Boberski for further details.

Client Server Edition

Client Server of ASVS - Under consideration

Contact Mike Boberski for further details.

News

Project News

04/08/2009 - OWASP ASVS users and adopters list updated to include ps_testware

04/06/2009 - OWASP ASVS users and adopters list updated to include Federal Deposit Insurance Corporation (FDIC)

03/13/2009 - OWASP ASVS is presented by Dave Wichers at OWASP Software Assurance Day DC 2009 in conjunction with the Software Assurance Forum sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.

02/25/2009 – OWASP ASVS proposed updates based on pilots being considered.

01/22/2009 - OWASP ASVS has been integrated into the OWASP Secure Software Contract Annex in the OWASP Legal Project.

01/08/2009 - OWASP ASVS is presented by Mike Boberski at the OWASP Washington VA Local Chapter meeting.

12/29/2008 - OWASP ASVS is the subject of an article by DarkReading.

12/08/2008 - OWASP ASVS Final assistance required! Please join the mailing list for more information and assignments.

12/05/2008 - OWASP ASVS exits the Summer of Code 2008! The Beta draft of the Web Application Edition is released! Mike Boberski, Jeff Williams, and Dave Wichers are the primary authors.

11/03/2008 - OWASP ASVS is presented by Jeff Williams at OWASP EU Summit 2008.

10/03/2008 - OWASP ASVS Alpha draft is released! Mike Boberski is the primary author.

04/16/2008 - OWASP ASVS Summer of Code 2008 proposal submitted by Mike Boberski wins!

Project Mail List
Subscribe here
Use here

Contributors/Users

Project Leader
Mike Boberski

Project Contributors
Jeff Williams
Dave Wichers

The OWASP ASVS project is co-sponsored by:

Users and Adopters

Pilots are already underway at various companies and agencies around the globe. A broad range of companies and agencies around the globe are also using OWASP ASVS, including:

Please let us know how your organization is using OWASP ASVS. Include your name, organization's name, and brief description of how you use the standard. The project lead can be reached at [email protected] Thanks for supporting OWASP!

Subscribe to the RSS ASVS announcement feed here
This project licensed under the Licensed under Creative Commons Attribution ShareAlike 3.0.

Articles Below - More About ASVS and Using It

Pages in category "OWASP Application Security Verification Standard Project"

The following 21 pages are in this category, out of 21 total.

A

C

Code Reviews and Other Verification Activities: USELESS Unless Acted Upon IMMEDIATELY

H

M

Man vs. Code

O

P

S

Some Guidance on the Verification Process

W

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Application_Security_Verification_Standard_Project&oldid=58853"

Category:

OWASP Books

@@ Line 3: / Line 3: @@
 Proj_About=
 [[Image:Asvs-bannerbug.JPG|275px|right]]
-'''What is ASVS?'''
+''OWASP Standards Initiatives''
-Whereas the [[OWASP Top Ten Project]] is a tool that provides web application security awareness, the OWASP "Application Security Verification Standard" (also known as "ASVS") is a commercially-workable open standard that defines ranges in coverage and levels of rigor that can be used to perform application security verifications. There are three main parts to ASVS. ASVS defines (1) levels of application-level security verification that increase in breadth and depth as one moves up the levels, (2) verification requirements that prescribe a unique white-list approach for security controls, and (3) reporting requirements that ensure reports are sufficiently detailed to make verification repeatable. OWASP ASVS is the first standard that OWASP has published, and ASVS is the first internationally-recognized standard for performing application security assessments! There are currently versions in English.
+'''Application Security Verification Standards (ASVS)'''
-<br>'''What are some examples of how ASVS can be used?'''
+Application Security Verification Standards are specifications produced by OWASP in cooperation with secure applications developers and verifiers worldwide for the purpose of accelerating the deployment of secure web applications. First published in 2008 as a result of an OWASP Summer of Code grant and meetings with a small group of early adopters, the ASVS documents have become widely referenced and implemented.
-* Web application developers can use ASVS as a yardstick with which to assess the degree of trust that can be placed in their web applications,
+Further development of ASVS occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please [mailto:[email protected] contact us].
-* Security control developers can use ASVS as guidance as to what to build into controls in order to satisfy web application security requirements, and
-* ASVS can be used as a basis for specifying web application security verification requirements in contracts.
-<br>'''What's new?'''
+Application Security Verification Standards:
-* OWASP ASVS users/adopters updated to include [http://www.pstestware.com/ ps_testware]. Are you a user/adopter? [mailto:mike.boberski@owasp.org Let us know!]
+* [http://www.owasp.org/index.php?title=Category:OWASP_Application_Security_Verification_Standard_Project&action=submit#tab=Web_Application_Edition ASVS #1: Web Application Verification Standard]
-* OWASP ASVS users/adopters updated to include [http://www.fdic.gov Federal Deposit Insurance Corporation (FDIC)]. Are you a user/adopter? [mailto:mike.boberski@owasp.org Let us know!]
+* [http://www.owasp.org/index.php?title=Category:OWASP_Application_Security_Verification_Standard_Project&action=submit#tab=Web_Service_Edition ASVS #2: Web Service Verification Standard]
-* OWASP ASVS was presented by [[User:Wichers|Dave Wichers]] at [http://www.owasp.org/index.php/OWASP_Software_Assurance_Day_DC_2009 OWASP Software Assurance Day DC 2009] in conjunction with the Software Assurance Forum sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.
+* [http://www.owasp.org/index.php?title=Category:OWASP_Application_Security_Verification_Standard_Project&action=submit#tab=Cloud_Computing_Edition ASVS #3: Cloud Verification Standard]
+* [http://www.owasp.org/index.php?title=Category:OWASP_Application_Security_Verification_Standard_Project&action=submit#tab=Client_Server_Edition ASVS #4: Client-Server Verification Standard]
+* [http://www.owasp.org/index.php?title=Category:OWASP_Application_Security_Verification_Standard_Project&action=submit#tab=Latest_News_and_Mail_List ASVS Mailing Lists]
+* [http://www.owasp.org/index.php?title=Category:OWASP_Application_Security_Verification_Standard_Project&action=submit#tab=Latest_News_and_Mail_List ASVS News Archives]
@@ Line 34: / Line 35: @@
 <br>'''More About OWASP ASVS'''
 <br>
-[[Image:Asvs_ppt.JPG|thumb|110px|left|Project Presentation]]
 * Project Presentation ([http://www.owasp.org/images/5/52/About_OWASP_ASVS_Web_Edition.ppt PowerPoint])
 * Executive-Level Presentation ([http://www.owasp.org/images/9/99/About_OWASP_ASVS_Executive_Presentation.ppt PowerPoint])
 * Presentation Abstract ([http://www.owasp.org/images/1/10/OWASP_ASVS_Presentation_Abstract.doc Word])
 * One Page Datasheet ([http://www.owasp.org/index.php/Image:ASVS_One_Page_Handout.pdf PDF], [http://www.owasp.org/images/6/60/ASVS_One_Page_Handout.doc Word])
-* [http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#Articles_Below_-_More_About_ASVS_and_Using_It Articles - More About ASVS and Using It]
+* Articles [http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#Articles_Below_-_More_About_ASVS_and_Using_It (More About ASVS and Using It)]
 '''Related projects'''
-[[Image:Owasp-projects-page.jpg|thumb|110px|left|Projects Page]]
 * [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten]
 * [http://www.owasp.org/index.php/Category:OWASP_Legal_Project OWASP Legal Project]
 * [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP ESAPI]
 <br>
 ====Web Application Edition====
-'''Web Application Edition of OWASP ASVS - Beta (This is the current official release version)'''
+'''ASVS #1: Web Application Verification Standard'''
-<br>
-[[Image:Beta_cover.JPG|thumb|90px|left|Beta Release]]
-Download free:
-'''OWASP ASVS - Beta'''
+This document defines four levels of application security verification for web applications. Each level includes a set of requirements for verifying the effectiveness of security controls that protect applications.
-* Web Application Edition ([[:Image:OWASP ASVS Web Edition 2008 Beta.pdf|PDF]], [[:Image:OWASP ASVS Web Edition 2008 Beta.doc|Word]])
+'''Beta Version'''
+* ASVS #1 v2008: Web Application Verification Standard [[:Image:OWASP ASVS Web Edition 2008 Beta.doc|Word]], [[:Image:OWASP ASVS Web Edition 2008 Beta.pdf|PDF]]
+'''Alpha Version'''
+* ASVS #1 v2008: Web Application Verification Standard [[:Image:OWASP ASVS Web Edition 2008 Alpha.pdf|PDF]], [[:Image:OWASP ASVS Web Edition 2008 Alpha.doc|Word]]
-'''Web Application Edition of OWASP ASVS Alpha Downloads'''
-<br>
-[[Image:Alpha_cover.JPG|thumb|90px|left|Alpha Release]]
-Download free:
-'''OWASP ASVS - Alpha'''
-* Web Application Edition ([[:Image:OWASP ASVS Web Edition 2008 Alpha.pdf|PDF]], [[:Image:OWASP ASVS Web Edition 2008 Alpha.doc|Word]])

Difference between revisions of "Category:OWASP Application Security Verification Standard Project"

Revision as of 18:51, 13 April 2009

About

FAQ

Web Application Edition

Web Service Edition

Cloud Computing Edition

Client Server Edition

News

Contributors/Users

Articles Below - More About ASVS and Using It

Pages in category "OWASP Application Security Verification Standard Project"

A

C

H

M

O

P

S

W

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools