July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
OWASP Application Security Verification Standard (ASVS)
The OWASP ASVS defines the following security requirements at the time of writing, in 2018. Some section numbers were skipped because they were incorporated into other sections:
- ASVS V1 Architecture
- ASVS V2 Authentication
- ASVS V3 Session Management
- ASVS V4 Access Control
- ASVS V5 Input Validation and Output Encoding
- ASVS V7 Cryptography
- ASVS V8 Error Handling
- ASVS V9 Data Protection
- ASVS V10 Communications
- ASVS V13 Malicious Code
- ASVS V15 Business Logic Flaws
- ASVS V16 Files and Resources
- ASVS V17 Mobile
- ASVS V18 API
- ASVS V19 Configuration
- ASVS V20 Internet of Things
The OWASP ASVS defines three levels of security requirements. Take V7: Cryptography at rest as examples; in level-1 applications, ...