OWASP ASVS

Control Objective Security architecture has almost become a lost art in many organizations. The days of the enterprise architect have...

Control Objective Authentication is the act of establishing, or confirming, someone (or something) as authentic and that claims made by...

Control Objective One of the core components of any web-based application or stateful API is the mechanism by which it...

Control Objective Authorization is the concept of allowing access to resources only to those permitted to use them. Ensure that...

Control Objective The most common web application security weakness is the failure to properly validate input coming from the client...

Control Objective Ensure that a verified application satisfies the following high level requirements: All cryptographic modules fail in a secure...

Control Objective The primary objective of error handling and logging is to provide useful information for the user, administrators, and...

Control Objective There are three key elements to sound data protection: Confidentiality, Integrity and Availability (CIA). This standard assumes that...

Control Objective Ensure that a verified application satisfies the following high level requirements: TLS or strong encryption is always used,...

Control Objective Ensure that the code satisfies the following high level requirements: Malicious activity is handled securely and properly to...