ASVS Testing: Understanding Access Requirements for Verification

Explore the intricacies of Application Security Verification Standard (ASVS) testing in this 43-minute conference talk. Delve into the challenges companies face when assessing web application security against ASVS requirements. Learn about the limitations of relying solely on penetration testing and the importance of comprehensive access for accurate verification. Discover an in-depth analysis of all 286 ASVS verification requirements, identifying the specific access needed for each level. Gain insights into the mix of penetration testing, documentation, and infrastructure access required for level two and three requirements. Understand the effort involved in ASVS testing and how this knowledge can improve test case generation and client expectations. Presented by Shanni Prutchi, a security consultant at Bishop Fox, this talk offers valuable perspectives on ASVS implementation and verification processes.