OWASP’s Application Security Verification Standard (ASVS) is one of the few comprehensive guides of security requirements for applications. The 4.0 version, released in March 2019 represents a significant update with many new features as well as structural changes.
In this session, Josh, one of the project co-leaders, will go through what the ASVS is and how it is put together for those who are new to it and also what has changed in this new version.
He will also talk through some of the more interesting new requirements, how you can use the standard in your day job and how you can help shape the future of this important standard.
Resources mentioned in this session:
More about OWASP ASVS:
@OWASP_ASVS (ASVS on Twitter)
https://github.com/OWASP/ASVS (ASVS on GitHub)
https://app.slack.com/client/T04T40NHX/C06MNF14M (#project-asvs on OWASP Slack)
Josh has worked as a consultant in IT Security and Risk for over a decade now as well as a Software Developer. In that time, he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. As Head of Security Services for AppSec Labs, a boutique application security consultancy, he leads application penetration tests as well as supporting and advising clients on all aspects of the Secure Development Lifecycle. His aim is to help development teams better secure themselves and their applications. He is on the OWASP Israel chapter board and is a project leader for the OWASP Application Security Verification Standard.