iBuildings Blog:
Verifying our software with OWASP ASVS
April 02, 2013 @ 12:20:19

On the iBuildings blog today there's a post from Boy Baukema about using the OWASP ASVS as a framework of questions to ask about your application in order to find any application security "pain points."

When a customer commissions Ibuildings for a new application, he usually has plenty of functional demands. [...] And maybe some thoughts have been given to performance metrics, but security? Well… it "needs to be secure". [...] It is said, conveniently enough mostly by software engineers, that building software is perhaps the most complex activity humans have ever undertaken.

He notes that "security is not a checkbox, it's a dropdown" and should be considered continuously throughout development. The OWASP ASVS provides a structure that a development group can follow to test the security of their application. It defines 4 types of testing/validation and fourteen other topics to consider.

While ASVS is a wonderful addition, it has its issues: verification and reporting can take a significant amount of time, and the validation rules are not specific enough to use the tools and techniques.

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework