This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

GPC Project Details/OWASP Application Security Verification Standard Project

From OWASP
Jump to: navigation, search
PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Application Security Verification Standard Project

Purpose: The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:

  • Use as a metric - Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications,
  • Use as guidance - Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and
  • Use during procurement - Provide a basis for specifying application security verification requirements in contracts.

License: Creative Commons Attribution ShareAlike 3.0 license

who is working on this project?
Project Leader: Dave Wichers @

Project Maintainer:

Project Contributor(s):

how can you learn more?
Project Pamphlet: View

3x slide Project Presentation: View

Mailing list: Subscribe or read the archives

Project Roadmap: To view, click here

Main links:

Project Health: Greenlight.pngGreenlight.pngGreenlight.png Level 3 Project (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Dave Wichers @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
OWASP Application Security Verification Standard 2009 - Web Application Standard - 2009 - (download)

Release Leader: Dave Wichers @

Release details: Main links, release roadmap and assessment

Rating: Greenlight.pngGreenlight.pngGreenlight.png Stable Release
To be reviewed under Assessment Criteria v2.0