Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / PS - Platform / AppSec

OWASP Application Security Verification Standard (ASVS) 5.0

This document focuses on:

The OWASP Application Security Verification Standard (ASVS) is a comprehensive framework that defines security requirements for designing, developing, and testing web applications and APIs. It is organized into 14 chapters, each covering specific areas such as authentication, access control, data protection, session management, error handling, and more.

ASVS v4 introduces three security verification levels: Level 1 (basic security for all applications), Level 2 (enhanced controls for applications handling sensitive data), and Level 3 (the highest assurance for critical applications, such as those in finance or healthcare). The standard aligns with industry guidelines like NIST 800-63-3 and PCI DSS, and aims to make security requirements more accessible and actionable for developers, security professionals, and organizations throughout the software development lifecycle.

ASVS 5.0 RC1 is ready for your review, and final version will be published very soon.


Publication's URL

https://owasp.org/www-project-application-security-verification-standard/

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *