GithubHelp home page GithubHelp logo

owasp-asvs-4.0-testing-guide's Introduction

OWASP ASVS 4.0 testing guide

Introduction

The OWASP ASVS 4.0 testing guide is an unofficial supporting document to the OWASP Application Security Verification Standard which attempts to describe each level 1 control, what are the consequences of not being compliant with it, how to test it - with known open source tools or manually - and the criteria for the control to be valid. Additionally, to several controls there have been developed scripts using bash or OWASP ZAP scripting engine to automate the check of said controls. The "ZAP-scripts" folder includes a guide on how to get started with ZAP scripts.

The aim of this project is to assist companies and organizations with getting started with using OWASP ASVS.

Find more about the project in an article on ZAProxy's website: Automate checking ASVS controls using ZAP scripts

Download

PDF version of OWASP ASVS 4.0 testing guide

Contributions

Check out CONTRIBUTING.md

owasp-asvs-4.0-testing-guide's People

Contributors

blazingwind avatar col-bee avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

secure-delivery shedu23 magnologan ossie-git lichnak irivera007 eoin-teachable vpnj012k mario-platt beerandgin hugojcqs lineuve twright-0x1 col-bee grepcaffeine dnavarrom nazosia aalvarado-ratedpower evandropdeo knoxpix alvacoder slooppe abhijitch joshua17sc ksmaheshkumar umbernhard lawrence44r

owasp-asvs-4.0-testing-guide's Issues

capturing User stories, and Chef Inspec and OPA tests

Some brilliant work here.
I had made a suggestion last year on main ASVS repo (OWASP/ASVS#813) to start creating User Stories and associated validations with Chef Inspec and Open Policy Agent REGO policies (you currently have Python and ZAP scripts).
Would you consider hosting the associated User Stories as an element for each control ? I'd be happy to start submitting some PRs for that info.
I'll be doing a lot related to this in my company this year, so would expect to contributing OPA and User Stories

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.