From 9b1a43e72314039275271c8f7422269d2e5603bd Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Sun, 13 Oct 2024 10:43:18 +0300 Subject: [PATCH 1/7] Add ASVS final countdown blog --- _posts/2024-10-14-asvs-final-countdown.md | 61 +++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 _posts/2024-10-14-asvs-final-countdown.md diff --git a/_posts/2024-10-14-asvs-final-countdown.md b/_posts/2024-10-14-asvs-final-countdown.md new file mode 100644 index 000000000..fd9ee620e --- /dev/null +++ b/_posts/2024-10-14-asvs-final-countdown.md @@ -0,0 +1,61 @@ +--- + +date: 2024-10-13 00:00:00-0100 +categories: blog +author: Josh Grossman +author_image: /assets/images/people/josh_grossman_headshot.jpg +layout: blogpost +title: ASVS 5.0 - The Final Countdown +excerpt_separator: + +--- + +![Our new banner](/assets/images/posts/asvsmeetup/OWASP_ASVS_Linkedin_Banner-01.jpg){:style="max-width:800px;float:left;"} +
+ +## Introduction + +We are on the final countdown to the release of the [OWASP Application Security Verification Standard (ASVS)](https://asvs.owasp.org) version 5.0! + +The ASVS leaders and several other contributors will be meeting at the [OWASP Project Summit](https://owaspprojectsummit.org/) in November to pull together a release candidate of the updated requirements for ASVS 5.0. + +This will be a major release with a lot of changes to bring the ASVS up to date and make it more usable + +Over the next couple of weeks, we will be announcing that certain chapters are ready for public review and we would welcome your input. + + +## We need your help + +Please look out for Social Media and Slack announcements over the next couple of weeks about chapters that are ready for review. + +At this stage, we are looking for comments on aspects that will be finalised during the project summmit, see below. + +Following the project summit, we will be seeking feedback on a more final draft of the standard with the aim of releasing the final version by the end of the year. + +### What will be finalised during the Project Summit + +We will be actively seeking review comments on these items in advance of and during the summit. + +* Requirement wording +* Requirement location (chapter and section) +* Chapter text +* Level definitions. See the discussions [here](https://github.com/OWASP/ASVS/discussions/1839). + +### What will remain afterwards + +We will be actively seeking review comments on these items after the summit. + +* Renumbering (including chapter numbering) +* Setting levels. +* Changing the [current change tagging](https://github.com/OWASP/ASVS/blob/master/CONTRIBUTING.md#standard-for-changes) into a separate change log. +* Mapping to OWASP CRE. +* Introductory text separate to the chapters +* The appendix sections. 
+ +### Stay in contact + +Make sure you hear about chapter draft releases and stay in touch via our social media channels and website: + +* Website: +* Twitter: +* LinkedIn: From 39d42c5e1328ba04915029e699fdf57447948c84 Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Sun, 13 Oct 2024 10:47:45 +0300 Subject: [PATCH 2/7] Add link to guiding principles --- _posts/2024-10-14-asvs-final-countdown.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2024-10-14-asvs-final-countdown.md b/_posts/2024-10-14-asvs-final-countdown.md index fd9ee620e..32cc20f40 100644 --- a/_posts/2024-10-14-asvs-final-countdown.md +++ b/_posts/2024-10-14-asvs-final-countdown.md @@ -19,7 +19,7 @@ We are on the final countdown to the release of the [OWASP Application Security The ASVS leaders and several other contributors will be meeting at the [OWASP Project Summit](https://owaspprojectsummit.org/) in November to pull together a release candidate of the updated requirements for ASVS 5.0. -This will be a major release with a lot of changes to bring the ASVS up to date and make it more usable +This will be a major release with a lot of changes to bring the ASVS up to date and make it more usable. See [here for more information on the guiding principles of the new release](https://github.com/OWASP/ASVS/wiki/Roadmap-to-version-5.0#key-objectives). Over the next couple of weeks, we will be announcing that certain chapters are ready for public review and we would welcome your input. From 66695c676f4355b083d8e340cb170a55da9cb27c Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Wed, 9 Apr 2025 17:46:42 +0300 Subject: [PATCH 3/7] Update and roll forward this post --- _posts/2024-10-14-asvs-final-countdown.md | 61 ----------------------- _posts/2025-04-09-asvs-final-countdown.md | 54 ++++++++++++++++++++ 2 files changed, 54 insertions(+), 61 deletions(-) delete mode 100644 _posts/2024-10-14-asvs-final-countdown.md create mode 100644 _posts/2025-04-09-asvs-final-countdown.md 
diff --git a/_posts/2024-10-14-asvs-final-countdown.md b/_posts/2024-10-14-asvs-final-countdown.md deleted file mode 100644 index 32cc20f40..000000000 --- a/_posts/2024-10-14-asvs-final-countdown.md +++ /dev/null @@ -1,61 +0,0 @@ ---- - -date: 2024-10-13 00:00:00-0100 -categories: blog -author: Josh Grossman -author_image: /assets/images/people/josh_grossman_headshot.jpg -layout: blogpost -title: ASVS 5.0 - The Final Countdown -excerpt_separator: - ---- - -![Our new banner](/assets/images/posts/asvsmeetup/OWASP_ASVS_Linkedin_Banner-01.jpg){:style="max-width:800px;float:left;"} -
- -## Introduction - -We are on the final countdown to the release of the [OWASP Application Security Verification Standard (ASVS)](https://asvs.owasp.org) version 5.0! - -The ASVS leaders and several other contributors will be meeting at the [OWASP Project Summit](https://owaspprojectsummit.org/) in November to pull together a release candidate of the updated requirements for ASVS 5.0. - -This will be a major release with a lot of changes to bring the ASVS up to date and make it more usable. See [here for more information on the guiding principles of the new release](https://github.com/OWASP/ASVS/wiki/Roadmap-to-version-5.0#key-objectives). - -Over the next couple of weeks, we will be announcing that certain chapters are ready for public review and we would welcome your input. - - -## We need your help - -Please look out for Social Media and Slack announcements over the next couple of weeks about chapters that are ready for review. - -At this stage, we are looking for comments on aspects that will be finalised during the project summmit, see below. - -Following the project summit, we will be seeking feedback on a more final draft of the standard with the aim of releasing the final version by the end of the year. - -### What will be finalised during the Project Summit - -We will be actively seeking review comments on these items in advance of and during the summit. - -* Requirement wording -* Requirement location (chapter and section) -* Chapter text -* Level definitions. See the discussions [here](https://github.com/OWASP/ASVS/discussions/1839). - -### What will remain afterwards - -We will be actively seeking review comments on these items after the summit. - -* Renumbering (including chapter numbering) -* Setting levels. -* Changing the [current change tagging](https://github.com/OWASP/ASVS/blob/master/CONTRIBUTING.md#standard-for-changes) into a separate change log. -* Mapping to OWASP CRE. -* Introductory text separate to the chapters -* The appendix sections. 
- -### Stay in contact - -Make sure you hear about chapter draft releases and stay in touch via our social media channels and website: - -* Website: -* Twitter: -* LinkedIn: diff --git a/_posts/2025-04-09-asvs-final-countdown.md b/_posts/2025-04-09-asvs-final-countdown.md new file mode 100644 index 000000000..f2c260f41 --- /dev/null +++ b/_posts/2025-04-09-asvs-final-countdown.md @@ -0,0 +1,54 @@ +--- + +date: 2025-04-09 00:00:00-0100 +categories: blog +author: Josh Grossman +author_image: /assets/images/people/josh_grossman_headshot.jpg +layout: blogpost +title: ASVS 5.0 - The Final Countdown +excerpt_separator: + +--- + +![Our new banner](/assets/images/posts/asvsmeetup/OWASP_ASVS_Linkedin_Banner-01.jpg){:style="max-width:800px;float:left;"} +
+ +## Introduction + +We are on the final countdown to the release of the [OWASP Application Security Verification Standard (ASVS)](https://asvs.owasp.org) version 5.0! + +This will be a major release with a lot of changes to bring the ASVS up to date and make it more usable. See [here for more information on the guiding principles of the new release](https://github.com/OWASP/ASVS/wiki/Roadmap-to-version-5.0#key-objectives). + +We have now released a release candidate version of 5.0 and we are waiting for your feedback! + + + +## How can I help? + +Reading through the release candidate version of ASVS is a great place to start. We would strongly recommend that you use [the markdown version](https://github.com/OWASP/ASVS/tree/master/5.0/en) as we are constantly incorporating updates. There is also an [unofficial web based version](https://asvs.dev/v5.0.draft/0x00-Header/) which is kept frequently updated. + +A few questions to ask yourself as you review the document: + +* If I was a developer or a security tester, would this requirement understandable to me? +* Can I think of a way of improving front / chapter / section text to add clarity without adding unnecessary content. + +Please first log ideas, issues or questions here: . It’s helpful to share if you have any ideas or if you find any bugs or typos (but see the extra guidance below). + +We may subsequently ask you to open a pull request, , based on the discussion in the issue. + +After familiarizing yourself with the current version and if you don't have additional questions or feedback, the next area to focus on is the "Issues" section. 
+ +The issues to focus on for RC1 are listed here: +https://github.com/OWASP/ASVS/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22_5.0%20-%20rc1%22 + +## What's next + +Our very own Elar Lang will be presenting at [OWASP Global AppSec EU Barcelona](https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/) about the final 5.0 version so make sure you [check out his session there](https://owasp2025globalappseceu.sched.com/event/1whCc/introducing-the-50-release-of-the-asvs) in the builder track on Friday, 11:30am - 12:15pm. + +## Stay in contact + +Make sure you hear about chapter draft releases and stay in touch via our social media channels and website: + +* Website: +* Twitter: +* LinkedIn: From 1836dee8eb7d11a4386fbd0e9dfc4aa427533e18 Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Wed, 9 Apr 2025 17:47:32 +0300 Subject: [PATCH 4/7] Further updates --- _posts/2025-04-09-asvs-final-countdown.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-09-asvs-final-countdown.md b/_posts/2025-04-09-asvs-final-countdown.md index f2c260f41..8f67e6311 100644 --- a/_posts/2025-04-09-asvs-final-countdown.md +++ b/_posts/2025-04-09-asvs-final-countdown.md 
@@ -43,7 +43,7 @@ https://github.com/OWASP/ASVS/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22_5 ## What's next -Our very own Elar Lang will be presenting at [OWASP Global AppSec EU Barcelona](https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/) about the final 5.0 version so make sure you [check out his session there](https://owasp2025globalappseceu.sched.com/event/1whCc/introducing-the-50-release-of-the-asvs) in the builder track on Friday, 11:30am - 12:15pm. +Our very own Elar Lang, the key driving force behind version 5.0, will be presenting at [OWASP Global AppSec EU Barcelona](https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/) about the final 5.0 version so make sure you [check out his session there](https://owasp2025globalappseceu.sched.com/event/1whCc/introducing-the-50-release-of-the-asvs) in the builder track on Friday, 11:30am - 12:15pm. ## Stay in contact From ea378021b0d417f840196cd5928cbdc9b684b3ce Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Wed, 9 Apr 2025 17:48:25 +0300 Subject: [PATCH 5/7] Update --- _posts/2025-04-09-asvs-final-countdown.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/_posts/2025-04-09-asvs-final-countdown.md b/_posts/2025-04-09-asvs-final-countdown.md index 8f67e6311..daaa3e8a4 100644 --- a/_posts/2025-04-09-asvs-final-countdown.md +++ b/_posts/2025-04-09-asvs-final-countdown.md @@ -39,7 +39,8 @@ We may subsequently ask you to open a pull request, ## What's next From 7b9dc297d4e9fb362688b3fdd90ec3daa42ae6de Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Wed, 9 Apr 2025 18:26:42 +0300 Subject: [PATCH 6/7] Final tweaks --- _posts/2025-04-09-asvs-final-countdown.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_posts/2025-04-09-asvs-final-countdown.md b/_posts/2025-04-09-asvs-final-countdown.md index daaa3e8a4..522450d46 100644 --- a/_posts/2025-04-09-asvs-final-countdown.md +++ b/_posts/2025-04-09-asvs-final-countdown.md 
@@ -25,7 +25,7 @@ We have now released a release candidate version of 5.0 and we are waiting for y ## How can I help? -Reading through the release candidate version of ASVS is a great place to start. We would strongly recommend that you use [the markdown version](https://github.com/OWASP/ASVS/tree/master/5.0/en) as we are constantly incorporating updates. There is also an [unofficial web based version](https://asvs.dev/v5.0.draft/0x00-Header/) which is kept frequently updated. +Reading through the release candidate version of ASVS is a great place to start. We would strongly recommend that you use [the markdown version](https://github.com/OWASP/ASVS/tree/master/5.0/en) as we are constantly incorporating updates. There is also a [semi-official web based version](https://asvs.dev/v5.0.draft/0x00-Header/) (maintained by Elar, one of the project leaders) which is kept frequently updated. A few questions to ask yourself as you review the document: @@ -34,7 +34,7 @@ A few questions to ask yourself as you review the document: Please first log ideas, issues or questions here: . It’s helpful to share if you have any ideas or if you find any bugs or typos (but see the extra guidance below). -We may subsequently ask you to open a pull request, , based on the discussion in the issue. +We may subsequently ask you to open a pull request, , based on the discussion in the issue, if you are willing to do so, or we do that ourselves if you prefer. After familiarizing yourself with the current version and if you don't have additional questions or feedback, the next area to focus on is the "Issues" section. From 54b79c061f9056fdb6bab136d4300ed1b2540826 Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Wed, 9 Apr 2025 18:27:44 +0300 Subject: [PATCH 7/7] Change post name --- ...09-asvs-final-countdown.md => 2025-04-09-asvs-rc1-review.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename _posts/{2025-04-09-asvs-final-countdown.md => 2025-04-09-asvs-rc1-review.md} (96%) 
diff --git a/_posts/2025-04-09-asvs-final-countdown.md b/_posts/2025-04-09-asvs-rc1-review.md similarity index 96% rename from _posts/2025-04-09-asvs-final-countdown.md rename to _posts/2025-04-09-asvs-rc1-review.md index 522450d46..8d9f8c86d 100644 --- a/_posts/2025-04-09-asvs-final-countdown.md +++ b/_posts/2025-04-09-asvs-rc1-review.md @@ -5,7 +5,7 @@ categories: blog author: Josh Grossman author_image: /assets/images/people/josh_grossman_headshot.jpg layout: blogpost -title: ASVS 5.0 - The Final Countdown +title: ASVS 5.0 RC1 is ready for your review! excerpt_separator: ---
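Review bot: In PATCH 1/7 the front matter of the new post sets `date: 2024-10-13 00:00:00-0100` while the file is created as `_posts/2024-10-14-asvs-final-countdown.md`, so the post carries two different dates. If the site generator prefers the front-matter date over the filename, the post will be listed under 13 October rather than the 14th; align the two (PATCH 3/7 does this for the rolled-forward file, where both say 2025-04-09). In the same hunk, "during the project summmit, see below" has a typo ("summmit"), and the capitalisation alternates between "project summit" and "Project Summit".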
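Review bot: In PATCH 3/7, the "How can I help?" bullets in the new `2025-04-09` post need a wording pass: "would this requirement understandable to me?" is missing "be", and the second bullet ("Can I think of a way of improving front / chapter / section text ... without adding unnecessary content.") is phrased as a question but ends with a full stop. Further down the same hunk, "Stay in contact" still reads "Make sure you hear about chapter draft releases", which was carried over from the October post and no longer matches a post announcing a release candidate. The RC1 issue list is also given as a bare URL on its own line, while every other reference in the post is a Markdown link; consider giving it link text.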
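Review bot: In PATCH 4/7, the "What's next" sentence being edited gives the session slot only as "Friday, 11:30am - 12:15pm", with no calendar date or time zone, so it will be ambiguous to anyone reading the post outside the conference week. Since this line is being touched anyway, add the date next to the weekday. The sentence is also long enough now that "so make sure you check out his session there" would read better as its own sentence.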
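Review bot: In PATCH 6/7, the extended pull-request sentence in the second hunk ends ungrammatically: "if you are willing to do so, or we do that ourselves if you prefer". Suggest "or we can do that ourselves if you prefer", and consider splitting the sentence, which now chains four clauses after "We may subsequently ask you to open a pull request". In the first hunk, the parenthetical refers to "Elar" by first name only, before the post has introduced him; "What's next" names him in full later, so use "Elar Lang" here as well.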