Secure Software Development Lifecycle
V1.1.1
Verify the use of a secure software development lifecycle that addresses security in all stages of development. (C1)
Level 1 required: False
Level 2 required: True
Level 3 required: True
V1.1.2
Verify the use of threat modeling for every design change or sprint planning to identify threats, plan for countermeasures, facilitate appropriate risk responses, and guide security testing.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 1053
V1.1.3
Verify that all user stories and features contain functional security constraints, such as "As a user, I should be able to view and edit my profile. I should not be able to view or edit anyone else's profile"
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 1110
V1.1.4
Verify documentation and justification of all the application's trust boundaries, components, and significant data flows.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 1059
V1.1.5
Verify definition and security analysis of the application's high-level architecture and all connected remote services. (C1)
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 1059
V1.1.6
Verify implementation of centralized, simple (economy of design), vetted, secure, and reusable security controls to avoid duplicate, missing, ineffective, or insecure controls. (C10)
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 637
V1.1.7
Verify availability of a secure coding checklist, security requirements, guideline, or policy to all developers and testers.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 637
Disclaimer:
Credit via OWASP ASVS. For more information visit The OWASP ASVS Project or Github respository.. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.
