[Owasp-leaders] OWASP Application Security Verification Standard 3.0.1 released!

Andrew van der Stock vanderaj at owasp.org
Wed Jun 29 13:24:43 UTC 2016

In other news, Jim Manico and I did two days of training at the beginning
of @AppSecEU, which we recorded.

We're going to get that edited up and we'll release that training so anyone
can give our training deck in their local language, or get their developers
to watch it. The training slides are here:


Jim and I have been discussing some of the revisions during our class
yesterday, so don't think we're going to rest on our laurels after release.

If you have questions, want to translate the ASVS or the training
materials, please let us know.


On Wed, Jun 29, 2016 at 3:19 PM, Andrew van der Stock <vanderaj at owasp.org>

> Hi there,
> I am pleased to announce that through the auspices of the most awesome
> AppSec EU Project Summit, the OWASP Application Security Verification
> Standard 3.0.1 has been released!
> https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#tab=Downloads
> List of changes:
> https://github.com/OWASP/ASVS/issues?q=milestone%3A3.0.1+is%3Aclosed
> Thank you to all those who logged issues, these have all been resolved,
> making 3.0.1 a much cleaner standard! If you find an issue that needs
> resolving, please log them directly in GitHub.
> I think the next version will be v4.0 and let's set a date of AppSec USA
> 2017, with working parties at each of the Project Summits at AppSec USA
> 2016 and AppSec EU 2017.
> Some ideas for future topics of conversation
> * Add infrastructure / platform section
> * Add SDLC section
> * Revamp architecture section
> * Add more requirements on single page application (SPA) applications
> * Add more DOM protection issues
> * Consider if we need to add an IoT section
> * Closer integration with the killer OWASP SKF project (GET IT!)
> * Closer integration with all the other killer OWASP Guides
> * Consider breaking into Core, Mobile, App, SPA, IoT, Web Service so you
> can mix and match
> * Maintain all existing sections, weeding out old or ambiguous requirements
> If you feel you have something to contribute, either log issues marked as
> "4.0" milestone, or mail the ASVS mail list, or mail one of the project
> leaders! Actively looking for more contributors!
> thanks,
> Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160629/685bd9f1/attachment.html>

More information about the OWASP-Leaders mailing list