Application Security Verification Standard

Track: Owasp Projects
When: Wed AM-1
Where: Owasp Projects
Participants Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Claudio Camerino Claudio Camerino , Felipe Zipitria Felipe Zipitria , Sotiraki Sima Sotiraki Sima
Remote Participants Abhi Raj Abhi Raj , Devesh Bhatt Devesh Bhatt , Dougal Kennedy Dougal Kennedy , Harmeet Singh Harmeet Singh , Joset Zamora Joset Zamora , Prakash Sharma Prakash Sharma , Salma jalouqa Salma jalouqa , Sugumaran Uppili Sugumaran Uppili , Vinod Anandan Vinod Anandan

The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and a list of requirements for secure development for developers.


The Application Security Verification Standard is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, and even consumers to define what a secure application is.

ASVS has two main goals: - to help organizations develop and maintain secure applications - to allow security service, security tools vendors, and consumers to align their requirements and offerings


Risk analysis is always subjective and this is why we expect that there will most likely never be a 100% agreement on this standard. However, keeping the standard up-to-date is certainly a step in the right direction and it will enhance the overall concepts introduced in this important industry standard.


This Working Session will result in a short summary which will include the list of items that need to be updated, added, or changed in order to make the standard more applicable to modern applications.


The target audiences for this Working Session are: - Security champions - Security architects - DevOps Roles - CISOs

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions): - ASVS 3.1 in English (pdf) - ASVS GitHub

Previous Summit Working Session

Register as participant

To register as participant add Application Security Verification Standard to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions