Secure software with OWASP ASVS

Erlend Andreas Gjære | 25 May 2019

This post was originally written in Norwegian | Read original

Are you working on security requirements in software development, testing or procurement? There is no need to reinvent the wheel. See the talk on how the OWASP Application Security Verification Standard (ASVS) can help.

At the BSides Oslo conference, 23 May 2019, Erlend Andreas Gjære gave a talk on OWASP ASVS. See his presentation in the video below, and download our ASVS spreadsheet to get started yourself.

You may already be familiar with OWASP Top 10, which is well suited for creating awareness about the most common security vulnerabilities in web applications. However, OWASP ASVS provides a more proactive approach to application security, offering detailed requirements based on a chosen risk profile.

The talk shows how OWASP ASVS is appropriate as a template for security requirements, both in code you develop yourself and in applications that are procured from others.

In addition, we have expanded the ASVS spreadsheet with a few columns which allow us to measure status over time, relative to a maturity scale similar to the one we use for ISO 27001 controls in our company.

If you are interested in learning more about the security in our own cloud services, feel free to ask. And please use our dedicated channel if you happen to have found a potential security vulnerability with us.

