# Application Security Verification Standard (ASVS)
What ASVS is and how it applies to Psono.
# What is ASVS in general?
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:
- Use as a metric - Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications,
- Use as guidance - Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and
- Use during procurement - Provide a basis for specifying application security verification requirements in contracts.
# How is it applicable to Psono?
Psono, as a password manager, has to live up to the highest standards of internet security. We want to provide here a self-audit of Psono (the application), our free hosted community edition (psono.pw) and Psono SaaS.
Our goals are:
- to improve the general security awareness of contributors and developers
- to create a brief overview and a starting point for auditors evaluating our security measures
- to demonstrate to interested parties how Psono is designed
All questions were answered on March 6th, 2018. The version of ASVS used for this self-audit is ASVS 3.0.1.
# ASVS License (applicable to the whole ASVS section)
Copyright © 2008 – 2016 The OWASP Foundation.
This document is released under the Creative Commons Attribution ShareAlike 3.0 license. For any reuse or distribution, you must make clear to others the license terms of this work.
# Authors of ASVS
# Version 3.0, 2015
Project Leads | Lead Authors | Contributors and Reviewers |
---|---|---|
Andrew van der Stock, Daniel Cuthbert | Jim Manico | Abhinav Sejpal, Ari Kesäniemi, Boy Baukema, Colin Watson, Cristinel Dumitru, David Ryan, François-Eric Guyomarc’h, Gary Robinson, Glenn Ten Cate, James Holland, Martin Knobloch, Raoul Endres, Ravishankar S, Riccardo Ten Cate, Roberto Martelloni, Ryan Dewhurst, Stephen de Vries, Steven van der Baan |
# Version 2.0, 2014
Project Leads | Lead Authors | Contributors and Reviewers |
---|---|---|
Daniel Cuthbert, Sahba Kazerooni | Andrew van der Stock, Krishna Raja | Antonio Fontes, Archangel Cuison, Ari Kesäniemi, Boy Baukema, Colin Watson, Dr Emin Tatli, Etienne Stalmans, Evan Gaustad, Jeff Sergeant, Jerome Athias, Jim Manico, Mait Peekma, Pekka Sillanpää, Safuat Hamdy, Scott Luc, Sebastien Deleersnyder |
# Version 1.0, 2009
Project Leads | Lead Authors | Contributors and Reviewers |
---|---|---|
Mike Boberski, Jeff Williams, Dave Wichers | Jim Manico | Andrew van der Stock, Barry Boyd, Bedirhan Urgun, Colin Watson, Dan Cornell, Dave Hausladen, Dave van Stein, Dr. Sarbari Gupta, Dr. Thomas Braun, Eoin Keary, Gaurang Shah, George Lawless, Jeff LoSapio, Jeremiah Grossman, John Martin, John Steven, Ken Huang, Ketan Dilipkumar Vyas, Liz Fong, Shouvik Bardhan, Mandeep Khera, Matt Presson, Nam Nguyen, Paul Douthit, Pierre Parrend, Richard Campbell, Scott Matsumoto, Stan Wisseman, Stephen de Vries, Steve Coyle, Terrie Diaz, Theodore Winograd |
# Source
- https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
- https://www.owasp.org/images/3/33/OWASP_Application_Security_Verification_Standard_3.0.1.pdf