[Owasp-leaders] OWASP Application Security Verification Standard 3.0.1 released!

Mark Miller mark.miller at owasp.org
Thu Jun 30 23:48:16 UTC 2016

I sat with Andrew to record an interview for an OWASP 24/7 Podcast Series
on this project. It will be published early next week.

On Wed, Jun 29, 2016 at 9:24 AM, Andrew van der Stock <vanderaj at owasp.org>

> In other news, Jim Manico and I did two days of training at the beginning
> of @AppSecEU, which we recorded.
> We're going to get that edited up and we'll release that training so
> anyone can give our training deck in their local language, or get their
> developers to watch it. The training slides are here:
> https://github.com/OWASP/ASVS/tree/master/training
> Jim and I have been discussing some of the revisions during our class
> yesterday, so don't think we're going to rest on our laurels after release.
> If you have questions, want to translate the ASVS or the training
> materials, please let us know.
> thanks,
> Andrew
> On Wed, Jun 29, 2016 at 3:19 PM, Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>> Hi there,
>> I am pleased to announce that through the auspices of the most awesome
>> AppSec EU Project Summit, the OWASP Application Security Verification
>> Standard 3.0.1 has been released!
>> https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#tab=Downloads
>> List of changes:
>> https://github.com/OWASP/ASVS/issues?q=milestone%3A3.0.1+is%3Aclosed
>> Thank you to all those who logged issues, these have all been resolved,
>> making 3.0.1 a much cleaner standard! If you find an issue that needs
>> resolving, please log them directly in GitHub.
>> I think the next version will be v4.0 and let's set a date of AppSec USA
>> 2017, with working parties at each of the Project Summits at AppSec USA
>> 2016 and AppSec EU 2017.
>> Some ideas for future topics of conversation
>> * Add infrastructure / platform section
>> * Add SDLC section
>> * Revamp architecture section
>> * Add more requirements on single page application (SPA) applications
>> * Add more DOM protection issues
>> * Consider if we need to add an IoT section
>> * Closer integration with the killer OWASP SKF project (GET IT!)
>> * Closer integration with all the other killer OWASP Guides
>> * Consider breaking into Core, Mobile, App, SPA, IoT, Web Service so you
>> can mix and match
>> * Maintain all existing sections, weeding out old or ambiguous
>> requirements
>> If you feel you have something to contribute, either log issues marked as
>> "4.0" milestone, or mail the ASVS mail list, or mail one of the project
>> leaders! Actively looking for more contributors!
>> thanks,
>> Andrew
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

*Mark Miller, Senior Storyteller*
*Curator and Founder, Trusted Software Alliance*

*Host and Executive Producer, OWASP 24/7 Podcast ChannelCommunity Advocate,

*Developers and Application Security: Who is Responsible?*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160630/f7373d5e/attachment.html>

More information about the OWASP-Leaders mailing list