OWASP Developer Guide

Guides for Security Gap Analysis

11.1 Security gap analysis guides

Security gap analysis and security gap evaluation are central to Governance, Risk & Compliance activities and are used to gain and maintain certification to a management system standard such as ISO 27001 ‘Information security, cybersecurity and privacy protection’.

These analysis and evaluation activities rely on guidance, and the OWASP projects SAMM, MASVS and ASVS provide this information and advice.


11.1.1 Software Assurance Maturity Model
11.1.2 Application Security Verification Standard
11.1.3 Mobile Application Security

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.