14. Challenges and Lessons
• Each of your customers would have their own way and you cannot enforce a standard
• What gets measured gets managed
• You can call on the good-will but it is never a guarantee
• People would follow the crowd
15. Introduction to OWASP ASVS
• OWASP Flagship project
• Started in 2009
• 3 levels of maturity – basically a curated checklist of all the good practices that you have known all along
• Collection of practical advice on implementation
16. Maturity Levels
• ASVS Level 1 (opportunistic) is meant for all software
• ASVS Level 2 (standard) is for applications that contain sensitive data, which requires protection
• ASVS Level 3 (advanced) is for the most critical applications - applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust
17. Uses of OWASP ASVS
• Use as a metric
• Use as guidance
• Use during procurement