[Owasp-leaders] [OWASP ASVS] OWASP Application Security Verification Standard 3.0.1 released!

John Patrick Lita john.patrick.lita at owasp.org
Thu Jun 30 12:42:22 UTC 2016

Congrats sir,Andrew! and the whole team behind ASVS

*John Patrick Lita *
Manager for cyber security and IT services
OWASP Manila chapter chairman
FB Page @OwaspManila <https://www.facebook.com/OwaspManila>

On Thu, Jun 30, 2016 at 3:08 PM, Jim Manico <jim.manico at owasp.org> wrote:

> I mostly use it as an aid to woo my dear wife since it reads like poetry.
> :)
> I also use ASVS in my developer training practice to standardize the
> courseware material I author. I also use it in my architectural analysis
> practice - I  fork ASVS with architect teams to help them build
> standards[1] for their company. I also use it with certain clients to help
> verify the work that their expensive pentest consultants deliver. I see
> ASVS as the heart of almost any aspect of an application security program.
> Aloha Daniel, Jim
> [1] I think just handing the ASVS standard to developers "from the
> security department" is a fundamentally bad idea. It's crucial to go
> through an acceptance process where developers/architects review each
> requirement with the security team and accept and re-prioritize each
> requirement as it fits into their technology stack and culture. Then ASVS
> is no longer a forced standard - but a standard that the developer teams
> "own". This is subtle but critical to success, IMO.
> On 6/30/16 8:36 AM, daniel cuthbert wrote:
> A huge thanks to all who submitted bugs and helped us get to another great
> release. If you've used it at your company, or on a project, would you mind
> dropping us a mail?
> Andrew, Jim and I would love to hear where/how you are using the ASVS.
> thanks again to everyone who contributed.
> On 29 June 2016 at 14:19, Andrew van der Stock <vanderaj at owasp.org> wrote:
>> Hi there,
>> I am pleased to announce that through the auspices of the most awesome
>> AppSec EU Project Summit, the OWASP Application Security Verification
>> Standard 3.0.1 has been released!
>> https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#tab=Downloads
>> List of changes:
>> https://github.com/OWASP/ASVS/issues?q=milestone%3A3.0.1+is%3Aclosed
>> Thank you to all those who logged issues, these have all been resolved,
>> making 3.0.1 a much cleaner standard! If you find an issue that needs
>> resolving, please log them directly in GitHub.
>> I think the next version will be v4.0 and let's set a date of AppSec USA
>> 2017, with working parties at each of the Project Summits at AppSec USA
>> 2016 and AppSec EU 2017.
>> Some ideas for future topics of conversation
>> * Add infrastructure / platform section
>> * Add SDLC section
>> * Revamp architecture section
>> * Add more requirements on single page application (SPA) applications
>> * Add more DOM protection issues
>> * Consider if we need to add an IoT section
>> * Closer integration with the killer OWASP SKF project (GET IT!)
>> * Closer integration with all the other killer OWASP Guides
>> * Consider breaking into Core, Mobile, App, SPA, IoT, Web Service so you
>> can mix and match
>> * Maintain all existing sections, weeding out old or ambiguous
>> requirements
>> If you feel you have something to contribute, either log issues marked as
>> "4.0" milestone, or mail the ASVS mail list, or mail one of the project
>> leaders! Actively looking for more contributors!
>> thanks,
>> Andrew
> _______________________________________________
> Owasp-application-security-verification-standard mailing listOwasp-application-security-verification-standard at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-application-security-verification-standard
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160630/4ef87dee/attachment.html>

More information about the OWASP-Leaders mailing list