Example

Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.

Jump to an event

• Meet the ASVS team at Global AppSec San Francisco 2024
• OWASP ASVS Community Meetup - Lisbon 2024

Meet the ASVS team at Global AppSec San Francisco 2024

You can meet some of the ASVS team and hear about using the ASVS at OWASP Global AppSec San Francisco 2024 happening between 23-27 September.

Get updated on the ASVS

Two of our working group, Shanni Prutchi and Ryan Armstrong will be delivering a short talk about the ASVS project and the latest developments and plans.

You can catch them at 14:15 on Friday afternoon in the Bayview A room. Add it to your conference schedule here.

(Ryan and Shanni are also doing their own excellent talks at the conference so dont forget to check those out here and here!)

Hear about using the ASVS

Shortly afterwards, Aram Hovsepyan will be giving a talk about “Maturing Your Application Security Program with ASVS-Driven Development”. In the talk Aram explains how leveraging ASVS for deriving security test cases can create a common theme across all stages of the software development lifecycle.

If you are interested in how to apply ASVS in your development teams, add it to your conference schedule here.

Engage with the Community

Our new Community Manager Matthew Aderhold will also be at the conference so make sure you catch him to grab some stickers, talk to him about how you are using ASVS and get more information on how you can engage with the ASVS community! He will be there from day 1 of the training so you have plenty of time to catch him!

If you have contributed to the ASVS, make sure you let him know as he will have some special shiny stickers for contributors!

We hope to see you there at Global AppSec San Francisco 2024

OWASP ASVS Community Meetup - Lisbon 2024

We held a community meetup for the ASVS project as part of Global AppSec Lisbon on 27th June 2024!

Jim Manico gave the opening keynote to reintroduce the ASVS and the background behind the project and we had some other great talks as well!

There was also an update on the current status of the standard and time allocated to work on the upcoming version 5.0.

You can see full details in the blog post we published about it: https://owasp.org/blog/2024/07/03/asvs-community-meetup.html

Additionally, we would love to get more community members involved in the ASVS and other than working on the standard we also have information about other volunteering opportunities to help develop and promote the project! See the “Get Involved” tab above!.

Full Agenda

You can see the current agenda we had here.

View the ASVS Community Meetup schedule.

Meetup Supporter

Thanks to our friends at Jit for supporting this exciting initiative!

ASVS Supporters

Introduction

Within the ASVS project, we gratefully recognise the following organizations who support the OWASP Application Security Verification Standard project through monetary donations or allowing contributors to spend significant time working on the standard as part of their work with the organization.

We recognise various tiers of support and the amount of time the supporter is recognised for depends on the supporter level.

On this page and the project web page, we will display the supporter’s logo and link to their website and we will publicise via Social Media as well.

If you would like to directly become a Primary, Secondary or Tertiary supporter, you can make a donation to OWASP of $1,000 or more and choose to “restrict your gift”. Alternatively, when you pay your corporate membership you can choose to allocate part of your membership fee to the ASVS where the allocated amount will govern which level of supporter you become.

Maintaining Supporters (through time provision)

Organizations who have allowed contributors to spend significant time working on the standard as part of their working day with the organization. This will be evaluated at the sole discretion of the project leaders. Supporter will be listed 2 years from the end of the time provision.

Primary supporters

Organizations who have donated $7,000 or more to the project via OWASP. Supporter will be listed in this section for 3 years from the date of the donation.

Secondary supporters

Organizations who have donated $3,000 or more to the project via OWASP. Supporter will be listed in this section for 2 years from the date of the donation.

Tertiary supporters

Organizations who have donated $500 or more to the project via OWASP. Supporter will be listed in this section for 1 year from the date of the donation.

Associate supporters

Organizations who have donated another amount to the project via OWASP. Supporter will be listed in this section for 1 year from the date of the donation.

News and Events

• [01 June 2024] Announcing the first OWASP ASVS Community Meetup at Global AppSec Lisbon!
• [22 May 2022] Started recognising time and financial supporters of the ASVS.
• [15 May 2022] The plan and roadmap towards ASVS version 5.0 was announced!
• [28 October 2021] ASVS 4.0.3 released!
• [27 October 2020] ASVS 4.0.2 released!
• [2 March 2019] ASVS 4.0.1 released!
• [9 March 2018] OWASP ASVS 3.1 Spreadsheet created by August Detlefsen
• [29 June 2016] Version 3.0.1 released
• [9 Oct 2015] Version 3.0 released
• [20 May 2015] “First Cut” Version 3.0 released
• [11 Aug 2014] Version 2.0 released

Acknowledgements

Note that since 4.x, contributors have been acknowledged in the “Frontispiece” section at the start of the ASVS document itself.

Time and financial supporters are recognised on the “Supporters” tab.

Volunteers

Version 3 (2015)

Project Leaders

• Daniel Cuthbert
• Andrew van der Stock

Lead Author

• Jim Manico

Other reviewers and contributors

• Boy Baukema
• Ari Kesäniemi
• Colin Watson
• François-Eric Guyomarc’h
• Cristinel Dumitru
• James Holland
• Gary Robinson
• Stephen de Vries
• Glenn Ten Cate
• Riccardo Ten Cate
• Martin Knobloch
• Abhinav Sejpal
• David Ryan
• Steven van der Baan
• Ryan Dewhurst
• Raoul Endres
• Roberto Martelloni

Version 2 (2014)

Project leaders

• Sahba Kazerooni
• Daniel Cuthbert

Lead authors

• Andrew van der Stock
• Sahba Kazerooni
• Daniel Cuthbert
• Krishna Raja

Other reviewers and contributors

• Jerome Athias
• Boy Baukema
• Archangel Cuison
• Sebastien.Deleersnyder
• Antonio Fontes
• Evan Gaustad
• Safuat Hamdy
• Ari Kesäniemi
• Scott Luc
• Jim Manico
• Mait Peekma
• Pekka Sillanpää
• Jeff Sergeant
• Etienne Stalmans
• Colin Watson
• Dr. Emin İslam Tatlı

Translators

• Abbas Javan Jafari (Persian)
• Sajjad Pourali (Persian)

Version 2009

Project leader

• Mike Boberski

Lead authors

• Mike Boberski
• Jeff Williams
• Dave Wichers

Other reviewers and contributors

Pierre Parrend (OWASP Summer of Code), Andrew van der Stock, Nam Nguyen, John Martin, Gaurang Shah, Theodore Winograd, Stan Wisseman, Barry Boyd, Steve Coyle, Paul Douthit, Ken Huang, Dave Hausladen, Mandeep Khera Scott Matsumoto, John Steven, Stephen de Vries, Dan Cornell, Shouvik Bardhan, Dr. Sarbari Gupta, Eoin Keary, Richard Campbell, Matt Presson, Jeff LoSapio, Liz Fong, George Lawless, Dave van Stein, Terrie Diaz, Ketan Dilipkumar Vyas, Bedirhan Urgun, Dr. Thomas Braun, Colin Watson, Jeremiah Grossman.

OWASP Summer of Code 2008

The OWASP Foundation sponsored the OWASP Application Security Verification Standard Project during the OWASP Summer of Code 2008.

Volunteer for the ASVS

Building the standard

We are always looking for people to help out with building the standards and discussing what should be in there.

You can find information on contributing to the standard in the Contribution Guide.

Helping in other ways

We are looking for volunteers to help with the following tasks. We are working on the ASVS all year around and you should expect to have to spend a few hours a week working on your tasks on average. Some of the tasks may be more intensive such as building scripts or GitHub actions.

If any of these roles sound like a good fit for you, please get in touch! Students and non-tech people are welcome to apply, especially folks in the community who are trying to get into the security space but don’t know how, as being involved in an OWASP project like this can provide valuable experience.

The latest list of roles is here:

Public ASVS jobs board

You can submit your interest here:

Volunteer for the ASVS!

ASVS Users

CREST OWASP Verification Standard (OVS) Programme

The CREST OWASP OVS Programme accredits companies that provide app security testing services to the application development industry. The testing to be performed is based on the ASVS (and MASVS) projects.

App Defense Alliance

The App Defense Alliance has based its Cloud Application Security Assessment (CASA) program on the ASVS project.

Other users

A broad range of companies and agencies around the globe have added ASVS to their software assurance tool boxes, including:

• Booz Allen Hamilton
• CGI Federal
• Denim Group
• Etebaran Informatics
• Inspectiv - “We use ASVS in our pen tests in order to have a comprehensive, vendor neutral, guideline for testing the security of applications and websites.”
• Minded Security
• Nixu
• NVISO - “We use the ASVS as a baseline for our Web Application Penetration Tests.”
• Pensive Security
• ps_testware
• Proactive Risk
• Quince Associates Limited (SeeMyData)
• ReqView - “We use the ASVS as a document template in ReqView requirements management tool and demonstrate its usage in our Example project.”
• Serviço Federal de Processamento de Dados (SERPRO)
• Universidad Distrital Francisco José de Caldas

Organizations listed are not accredited by OWASP. Neither their products or services have been endorsed by OWASP. Use of ASVS may include for example providing verification services using the standard. Use of ASVS may also include for example performing internal evaluation of products with the OWASP ASVS in mind, and NOT making any claims of meeting any given level in the standard. Please let us know how your organization is using OWASP ASVS. Include your name, organization’s name, and brief description of how you use the standard. The project leads can be reached using the contact details on the main page.