OWASP ASVS certification

The goal of the project was to verify if the customer’s web application is ASVS 4.0 compliant. The application was tested according to level 2 recommendations from the ASVS 4.0 standard. The project consisted of two phases: pentest and interview. During the interview, the SDLC practices and system architecture were analysed. During the pentest, the application was verified according to the selected set of ASVS requirements.


As a result, the customer has received a detailed report which included:

  • the ASVS 4.0 L2 requirements and their verification results (OK, Found, N/A)
  • detailed recommendations on how to fix vulnerabilities to become ASVS compliant
  • appendix with evidences on how each requirement was verified.

After fixing identified weaknesses the customer got the ASVS compliance certificate.

This website uses cookies to give you the best experience. Terms & Conditions