OWASP ASVS Audit

What’s ASVS?

OWASP’s Application Security Verification Standard is an audit standard published and continuously updated by the OWASP Foundation.

The goal of this project is to offer an open standard for testing application environments and controls, and to provide a specific level of confidence in their security.

Auditing a project using this standard ensures and proves that it follows a standardized and objectively evaluable set of requirements that depend not on your auditor(s) but on the standard itself.

This audit standard offers verifications for three security levels:

  • Level 1 - The application is defended against easy-to-discover OWASP Top 10 vulnerabilities.
  • Level 2 - The application defends against most of the risks associated with software today.
  • Level 3 - ASVS Level 3 is the highest level of verification within the ASVS. This level is typically reserved for applications that require significant levels of security verification, such as those that may be found within areas of military, health and safety, critical infrastructure, etc.

Example taken from the official documentation:

Deliverable

Details of the standard are publicly available online. During an audit, your application(s) will be audited against each criterion that applies to the security level you are tested for.

With those audits, fenrir.pro offers a certificate with a unique signature and QR code. The certificate is verifiable on certificates.fenrir.pro and includes your overall score for the chosen security level.

The contents of the ASVS Standard are available under the Creative Commons BY-SA 4.0 license.