Application Security Verification Standard - Interactive Reference
The OWASP Application Security Verification Standard (ASVS) (v5) is a framework of security requirements and controls that help developers design, build, and test secure applications. It provides a basis for testing application technical security controls and gives developers a list of requirements for secure development.
Use for: Marketing sites, public blogs, internal wikis, prototypes, low-risk internal tools, documentation sites
Protects against: OWASP Top 10 vulnerabilities, basic automated attacks, common configuration errors
Use for: E-commerce platforms, SaaS applications, CRM systems, apps handling PII/PHI, business process automation, enterprise applications
Protects against: Targeted attacks, insider threats, business logic flaws, advanced persistent threats (APT)
Use for: Banking systems, payment processors, healthcare platforms (HIPAA), military applications, critical infrastructure (SCADA/ICS), high-value financial trading platforms
Protects against: Nation-state actors, sophisticated organized crime, zero-day exploits, supply chain attacks
| ID | Chapter | Section | Description | Level |
|---|---|---|---|---|
| Loading data... | ||||