
OWASP releases Application Security Verification Standard for developers, security pros, and buyers

"Now there's an open industry standard for Web application and Web service security: The Open Web Application Security Project (OWASP) Foundation has released the Application Security Verification Standard (ASVS).

Mike Boberski, project lead and co-author of OWASP's ASVS Project, says the main goal of the standard is to provide a commercial and workable open standard for application security verification. The standard is aimed at helping Web application developers with a "yardstick" to assess the degree of security of their apps, and to help security folks determine what to build into their apps security-wise, according to Boberski. And the standard also can be used in procurements for specifying security verification requirements, he says. This is OWASP's first-ever standard.

ASVS includes four levels of security verification, each with specific security requirements it must address. "It starts with Level 1, prescribing the use of automated tools augmented with manual verification," Boberski says. "It then progresses to Level 4, which includes searching for malicious code manually.""

Read more: http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212700095

