[Owasp-leaders] OWASP Application Security Verification Standard 3.0.1 released!

Andrew van der Stock vanderaj at owasp.org
Fri Jul 1 10:42:51 UTC 2016


Hi all,

I've updated GitHub, and the wiki ASVS page with a very very minor update,
which I will call 3.0.1a internally.

- Fixed July 2015 -> July 2016 on the front cover (d'oh!)
- Fixed redundancy in 1.11 as per Japanese translation update above
- Fixed corruption in Appendix A, 8.12

I've also uploaded the Word version to the wiki.

Please grab the new version if you have downloaded the old version.

thanks
Andrew


On Fri, Jul 1, 2016 at 1:48 AM, Mark Miller <mark.miller at owasp.org> wrote:

> I sat with Andrew to record an interview for an OWASP 24/7 Podcast Series
> on this project. It will be published early next week.
>
> On Wed, Jun 29, 2016 at 9:24 AM, Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>
>> In other news, Jim Manico and I did two days of training at the beginning
>> of @AppSecEU, which we recorded.
>>
>> We're going to get that edited up and we'll release that training so
>> anyone can give our training deck in their local language, or get their
>> developers to watch it. The training slides are here:
>>
>> https://github.com/OWASP/ASVS/tree/master/training
>>
>> Jim and I have been discussing some of the revisions during our class
>> yesterday, so don't think we're going to rest on our laurels after release.
>>
>> If you have questions, want to translate the ASVS or the training
>> materials, please let us know.
>>
>> thanks,
>> Andrew
>>
>> On Wed, Jun 29, 2016 at 3:19 PM, Andrew van der Stock <vanderaj at owasp.org
>> > wrote:
>>
>>> Hi there,
>>>
>>> I am pleased to announce that through the auspices of the most awesome
>>> AppSec EU Project Summit, the OWASP Application Security Verification
>>> Standard 3.0.1 has been released!
>>>
>>>
>>> https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#tab=Downloads
>>>
>>> List of changes:
>>> https://github.com/OWASP/ASVS/issues?q=milestone%3A3.0.1+is%3Aclosed
>>>
>>> Thank you to all those who logged issues, these have all been resolved,
>>> making 3.0.1 a much cleaner standard! If you find an issue that needs
>>> resolving, please log them directly in GitHub.
>>>
>>> I think the next version will be v4.0 and let's set a date of AppSec USA
>>> 2017, with working parties at each of the Project Summits at AppSec USA
>>> 2016 and AppSec EU 2017.
>>>
>>> Some ideas for future topics of conversation
>>>
>>> * Add infrastructure / platform section
>>> * Add SDLC section
>>> * Revamp architecture section
>>> * Add more requirements on single page application (SPA) applications
>>> * Add more DOM protection issues
>>> * Consider if we need to add an IoT section
>>> * Closer integration with the killer OWASP SKF project (GET IT!)
>>> * Closer integration with all the other killer OWASP Guides
>>> * Consider breaking into Core, Mobile, App, SPA, IoT, Web Service so you
>>> can mix and match
>>> * Maintain all existing sections, weeding out old or ambiguous
>>> requirements
>>>
>>> If you feel you have something to contribute, either log issues marked
>>> as "4.0" milestone, or mail the ASVS mail list, or mail one of the project
>>> leaders! Actively looking for more contributors!
>>>
>>> thanks,
>>> Andrew
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> *Mark Miller, Senior Storyteller*
> *Curator and Founder, Trusted Software Alliance*
>
> *Host and Executive Producer, OWASP 24/7 Podcast ChannelCommunity
> Advocate, Sonatype*
>
> *Developers and Application Security: Who is Responsible?*
> <https://www.surveymonkey.com/s/Developers_and_AppSec>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160701/7425d5d2/attachment-0001.html>


More information about the OWASP-Leaders mailing list