"Now there's an open industry standard for
Web application and Web service security: The Open Web Application
Security Project (OWASP) Foundation has released the Application Security Verification Standard (ASVS).
Mike Boberski, project lead and co-author of OWASP's ASVS Project, says
the main goal of the standard is to provide a commercial and workable
open standard for application security verification. The standard is
aimed at helping Web application developers with a "yardstick" to
assess the degree of security of their apps, and to help security folks
determine what to build into their apps security-wise, according to
Boberski. And the standard also can be used in procurements for
specifying security verification requirements, he says. This is OWASP's
first-ever standard.

ASVS includes four levels of security verification, each with specific
security requirements it must address. "It starts with Level 1,
prescribing the use of automated tools augmented with manual
verification," Boberski says. "It then progresses to Level 4, which
includes searching for malicious code manually.""
Read more: http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212700095