OWASP Top 10 Automated Testing
What is OWASP Top 10 Automated Testing?
The purpose of OWASP (Open Web Application Security Project) scanning is to test your website against the most common vulnerabilities. OWASP tests are automated scans that check your website for those vulnerabilities and let you know where your website stands.
The Top 10 vulnerabilities are chosen by security experts from all over the world.
“OWASP refers to the Top 10 as an ‘awareness document’ and recommends that all organisations incorporate the report into their processes in order to mitigate security risks. One thing to remember, it is not a standard. Organisations can define the matrix based on their own environment. This also means that it’s not just OWASP who defines Top 10 but takes data from so many people, organisations and then opens it up for us to post the feedback. Analysis is very interesting and actually got Top 10 a total of forty-three CWE.” – owasp.org
ASVS Levels
- ASVS Level 1 is for low assurance levels and is completely penetration testable.
- ASVS Level 2 is for applications that contain sensitive data requiring protection, and is the recommended level for most apps.
- ASVS Level 3 is for the most critical applications – applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust.