OWASP ASVS: your balanced appsec diet


Build strength, fitness and peace of mind!

In this webinar, application security heavyweights Jim Manico (OWASP Top Ten contributor), Farshad Abasi (OWASP Chapter Lead), and Julius Musseau will talk about the best thing that can happen to you if your application security team is overwhelmed, overworked and over-worried.

What you will learn in this section:

Whether you are establishing a balanced appsec process or fine-tuning the one you already have, you will learn why ASVS is:

  • The first application security standard written by developers, for developers.
  • A standard that defines three risk levels with 200+ controls.
  • A standard that delivers value similar to ISO 27034 for a fraction of the hassle.


What is OWASP ASVS?

The OWASP Application Security Verification Standard (ASVS) is a balanced way for organizations to approach application security and align it with their organization’s risk appetite and resources.

ASVS is a set of best practices that can be used by any organization, large or small, to assess the security of their applications. It takes a proactive, risk-based approach to secure applications and is designed to be flexible enough for you to customize it for your specific needs.

It captures the totality of global appsec knowledge for securing web applications and web APIs.

Current Version: 4.0.3 

How can a company best implement ASVS?

It depends on what they are doing. If the company is building an application, if they’re building software in-house, then the best place to start is to make sure that they’re using it as requirements, right? So wherever you are on your journey, even part way through or all the way there, if you’re building software and you ask, “hey, what are my security requirements?”, usually everyone on the team looks at each other and throws their hands up.

In some situations they’re like: “well, we have no idea what the security requirements are,” or at best they’ll be very high level, like “we need to comply with SOC 2.” So the best place to start is to take ASVS and say: these are my security requirements. Define which level is appropriate for your company, take this as a requirement, and test it internally.

Summing up, start with the requirements and prepare for being tested.

Check the list of requirements on GitHub.
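To make the "pick a level, treat it as requirements, test internally" approach concrete, here is an added example (not from the webinar or the OWASP project) that turns the structure of the ASVS JSON export into a level-specific checklist and reports which requirements passed internal testing. The sample entries, helper names and the assumed export layout (chapters, sections, requirements carrying L1/L2/L3 "Required" flags) are my constructions; check them against the real export on GitHub before relying on them.

```python
from collections import Counter


def _req(code, text, lowest):
    """One requirement in export layout; `lowest` is the first level it applies at."""
    return {"Shortcode": code, "Description": text,
            **{f"L{n}": {"Required": n >= lowest} for n in (1, 2, 3)}}


# Constructed sample mirroring the layout of the ASVS 4.0.x JSON export
# (chapters -> sections -> requirements with L1/L2/L3 "Required" flags).
# Texts are abbreviated for the demo; the export on GitHub is authoritative.
SAMPLE_ASVS = {"Requirements": [
    {"Shortcode": "V2", "Name": "Authentication", "Items": [
        {"Shortcode": "V2.1", "Name": "Password Security", "Items": [
            _req("V2.1.1", "Passwords are at least 12 characters", 1),
            _req("V2.1.7", "Passwords checked against breach lists", 1)]},
        {"Shortcode": "V2.2", "Name": "General Authenticator Security", "Items": [
            _req("V2.2.4", "Impersonation-resistant authenticators", 3)]}]},
    {"Shortcode": "V5", "Name": "Validation, Sanitization and Encoding", "Items": [
        {"Shortcode": "V5.3", "Name": "Output Encoding and Injection Prevention", "Items": [
            _req("V5.3.4", "Parameterized queries protect against SQL injection", 1),
            _req("V5.3.5", "Context encoding where parameters are impossible", 2)]}]}]}


def requirements_for_level(asvs, level):
    """Flatten the export, keeping the requirements that apply at `level` (1-3)."""
    # Levels are cumulative and the export encodes that: a Level 1 requirement
    # is flagged Required under L1, L2 and L3, so one key lookup suffices.
    key = f"L{level}"
    return [{"id": r["Shortcode"], "chapter": ch["Name"],
             "section": sec["Name"], "text": r["Description"]}
            for ch in asvs["Requirements"] for sec in ch["Items"]
            for r in sec["Items"] if r[key]["Required"]]


def verification_report(asvs, level, results):
    """Pair each requirement of the chosen level with its internal test outcome."""
    # `results` maps id -> "pass"/"fail"; anything missing is reported as
    # "untested" so coverage gaps stay visible rather than silently dropped.
    rows = [dict(r, status=results.get(r["id"], "untested"))
            for r in requirements_for_level(asvs, level)]
    return rows, dict(Counter(r["status"] for r in rows))


if __name__ == "__main__":
    # Constructed test results for a company that chose Level 2 as its target.
    rows, summary = verification_report(
        SAMPLE_ASVS, 2, {"V2.1.1": "pass", "V2.1.7": "fail", "V5.3.4": "pass"})
    for r in rows:
        print(f"{r['id']:<8}{r['status']:<10}{r['section']}: {r['text']}")
    print("Summary:", summary)
```

Swap `SAMPLE_ASVS` for the parsed real export and `results` for your test tracker's output to get a per-level coverage view you can hand to an assessor.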

Did you like this webinar? Don’t miss the next ones! Secure your spot today!

About the Author

Oscar van der Meer

Inspiring leadership and innovative technology expertise in Digital, Payments, Finance and Artificial Intelligence.