SecAppDev 2019 has ended
Friday, February 22 • 16:00 - 17:15
The OWASP ASVS as the basis for a security program

The OWASP ASVS lists over 150 security requirements for modern applications. In this session, we explore how to use the ASVS to drive various activities in your security program.

Some people are under the misconception that following the OWASP Top Ten will give them secure applications. In reality, the OWASP Top Ten (and other top ten lists) are just the bare minimum for the sake of entry-level awareness. They do not constitute a sustainable security program. Instead, a more comprehensive and structured understanding of application security is needed. The OWASP Application Security Verification Standard (ASVS) delivers precisely that.

This talk delivers an in-depth look at the OWASP ASVS. We start by comparing the ASVS to the OWASP Top Ten 2017 and the OWASP Top Ten Proactive Controls 2018. Next, we explore how to use the ASVS as a basis for a rigorous security program. We illustrate how to use the ASVS as a basis for development requirements or security testing. Finally, we compare the current ASVS version (3.1) to the upcoming 4.0 release.

This session is intended for anyone aiming to adopt secure-by-design development practices.


Jim Manico

CEO, Manicode Security

Friday February 22, 2019 16:00 - 17:15 CET
Main building (room Lemaire)