Build and Deploy
V14.1.1
Verify that the application build and deployment processes are performed in a secure and repeatable way, such as CI / CD automation, automated configuration management, and automated deployment scripts.
Level 1 required: False
Level 2 required: True
Level 3 required: True
V14.1.2
Verify that compiler flags are configured to enable all available buffer overflow protections and warnings, including stack randomization, data execution prevention, and to break the build if an unsafe pointer, memory, format string, integer, or string operations are found.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 120
V14.1.3
Verify that server configuration is hardened as per the recommendations of the application server and frameworks in use.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 16
V14.1.4
Verify that the application, configuration, and all dependencies can be re-deployed using automated deployment scripts, built from a documented and tested runbook in a reasonable time, or restored from backups in a timely fashion.
Level 1 required: False
Level 2 required: True
Level 3 required: True
V14.1.5
Verify that authorized administrators can verify the integrity of all security-relevant configurations to detect tampering.
Level 1 required: False
Level 2 required: False
Level 3 required: True
Disclaimer:
Credit via OWASP ASVS. For more information visit The OWASP ASVS Project or Github respository.. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.
