Application Security Verification Standard
From the Open Web Application Security Project (OWASP)
Each team must analyze the security threats associated with their software project. To do this, you will make use of the OWASP Application Security Verification Standard (ASVS) Project. At a minimum, each team must go through all of the Level 1 items in the ASVS and determine, for each item, which of the following applies to your project:
- Addressed in project design, verified to not be a concern
- Addressed in project design, not tested
- Applicable but did not address in project
- Not sure if it applies to the project
- Does not apply to project
For each item that is not addressed but may be applicable, assign a risk level of high, medium, or low and identify the top three items that should be addressed, if time permits.