Introduction to ASVS | Infosec

Madhavan M
2 min read · Dec 29, 2019

Web applications are everywhere: from small businesses to large enterprises, from personal portfolios to social media, from private industry to government, everything depends on web applications.

The blossoming of smartphone apps has not reduced the need for web applications over these two decades. So many transactions, businesses and pieces of personal data are handled by web applications, and we get many benefits from them. But everything has two sides: along with the good, a lot of bad things also land on this type of application.

Even a well-developed application definitely has vulnerabilities. According to the statistics, the rate of vulnerabilities found in applications has not changed much over the last few years, as shown below.

[Figure: vulnerabilities on websites by severity (pc: ptsecurity.com)]

You might think that pen-testing or a security audit of the application must reduce the risk and the vulnerabilities in it. Yes, it does, but not completely. A secure application is one that is developed with security in mind.

So a secure application requires a security-aware developer. Developers nowadays have no time to learn about security issues and everything around them. Keeping this in mind, the OWASP team came up with a verification standard called ASVS.

Unlike the OWASP Top 10, ASVS is a verification standard that both developers and testers can use to verify an application's security.

ASVS (the Application Security Verification Standard) is a community-developed framework consisting of controls and security requirements for a secure application. It covers both the functional and the non-functional security controls required for developing and testing an application so that it achieves a higher level of security. ASVS categorizes applications into three levels according to how much security the application needs.

[Figure: ASVS Levels (pc: owasp.org)]

Level 1: This is the bare minimum level that every application should undergo.

Level 2: Applications that handle sensitive data; these are moderate kinds of applications, like entertainment websites or a commercial website.

Level 3: These are the more sensitive websites that deal with more confidential data, like government and social media websites.

That's it for now, guys. Hope you learned something.

Thanks for reading.
