4

How relevant is the OWASP application security verification standard? Have you had it as a requirement made by business? What other application security standards relevant to business are there? I did try to search for them, but only OWASP ASVS popped up...

My boss, a non-technical person, wants to be able to sell strong app security, and I am the most informed person in the team security-wise. I want to be able to say to my boss: here, I verified the application security using this really relevant standard, so that he is not embarrassed when talking to experienced security experts.

Anders
Štef FoReal

1 Answer

2

Any OWASP project is as relevant as the community behind it; for example, the PHP project is now abandoned, but ASVS seems pretty active still.

Adhering to any OWASP best practice is always a good idea. It may not be the perfect fit for your organization, and you are not obliged to follow everything they say, but it certainly helps to steer you in the right direction, and you have the backup of a solid not-for-profit organization.

As for the second part of your question, please see this, but keep in mind that you can also approach it from the risk analysis point of view, for which you have options like STRIDE or Trike and even OWASP's own help.

Purefan