- Objective
- V1: Architecture, Design and Threat Modeling Requirements
- V1.1 Secure Software Development Lifecycle Requirements
- V1.2 Authentication Architectural Requirements
- V1.3 Session Management Architectural Requirements
- V1.4 Access Control Architectural Requirements
- V1.5 Input and Output Architectural Requirements
- V1.6 Cryptographic Architectural Requirements
- V1.7 Errors, Logging and Auditing Architectural Requirements
- V1.8 Data Protection and Privacy Architectural Requirements
- V1.9 Communications Architectural Requirements
- V1.10 Malicious Software Architectural Requirements
- V1.11 Business Logic Architectural Requirements
- V1.12 Secure File Upload Architectural Requirements
- V1.13 API Architectural Requirements
- V1.14 Configuration Architectural Requirements
- V2: Authentication Verification Requirements
- V2.1 Password Security Requirements
- V2.2 General Authenticator Requirements
- V2.3 Authenticator Lifecycle Requirements
- V2.4 Credential Storage Requirements
- V2.5 Credential Recovery Requirements
- V2.6 Look-up Secret Verifier Requirements
- V2.7 Out of Band Verifier Requirements
- V2.8 Single or Multi Factor One Time Verifier Requirements
- V2.9 Cryptographic Software and Devices Verifier Requirements
- V2.10 Service Authentication Requirements
- V3: Session Management Verification Requirements
- V3.1 Fundamental Session Management Requirements
- V3.2 Session Binding Requirements
- V3.3 Session Logout and Timeout Requirements
- V3.4 Cookie-based Session Management
- V3.5 Token-based Session Management
- V3.6 Re-authentication from a Federation or Assertion
- V3.7 Defenses Against Session Management Exploits
- V4: Access Control Verification Requirements
- V5: Validation, Sanitization and Encoding Verification Requirements
- V6: Stored Cryptography Verification Requirements
- V7: Error Handling and Logging Verification Requirements
- V8: Data Protection Verification Requirements
- V9: Communications Verification Requirements
- V10: Malicious Code Verification Requirements
- V11: Business Logic Verification Requirements
- V12: File and Resources Verification Requirements
- V13: API and Web Service Verification Requirements
- V14: Configuration Verification Requirements
The objective of this index is to help a user of the OWASP Application Security Verification Standard (ASVS) clearly identify which cheat sheets are relevant to each section while working through the ASVS.
This index is based on version 4.x of the ASVS.
Attack Surface Analysis Cheat Sheet.
None.
None.
Cryptographic Storage Cheat Sheet.
User Privacy Protection Cheat Sheet.
Transport Layer Protection Cheat Sheet.
TLS Cipher String Cheat Sheet.
Third Party Javascript Management Cheat Sheet.
None.
None.
Choosing and Using Security Questions Cheat Sheet.
Credential Stuffing Prevention Cheat Sheet.
Transport Layer Protection Cheat Sheet.
TLS Cipher String Cheat Sheet.
None.
Choosing and Using Security Questions Cheat Sheet.
None.
None.
Cryptographic Storage Cheat Sheet.
None.
None.
Session Management Cheat Sheet.
Session Management Cheat Sheet.
Session Management Cheat Sheet.
Cross-Site Request Forgery Prevention Cheat Sheet.
JSON Web Token Cheat Sheet for Java.
None.
Session Management Cheat Sheet.
Transaction Authorization Cheat Sheet.
Authorization Testing Automation.
Insecure Direct Object Reference Prevention Cheat Sheet.
Cross-Site Request Forgery Prevention Cheat Sheet.
Authorization Testing Automation.
Server Side Request Forgery Prevention Cheat Sheet.
DOM based XSS Prevention Cheat Sheet.
Unvalidated Redirects and Forwards Cheat Sheet.
DOM based XSS Prevention Cheat Sheet.
Injection Prevention Cheat Sheet.
Injection Prevention Cheat Sheet in Java.
LDAP Injection Prevention Cheat Sheet.
OS Command Injection Defense Cheat Sheet.
Protect File Upload Against Malicious File.
Query Parameterization Cheat Sheet.
SQL Injection Prevention Cheat Sheet.
Unvalidated Redirects and Forwards Cheat Sheet.
None.
User Privacy Protection Cheat Sheet.
Cryptographic Storage Cheat Sheet.
None.
None.
None.
None.
HTTP Strict Transport Security Cheat Sheet.
Transport Layer Protection Cheat Sheet.
TLS Cipher String Cheat Sheet.
None.
Third Party Javascript Management Cheat Sheet.
None.
Protect File Upload Against Malicious File.
Protect File Upload Against Malicious File.
Third Party Javascript Management Cheat Sheet.
None.
None.
None.
Server Side Request Forgery Prevention Cheat Sheet.
Unvalidated Redirects and Forwards Cheat Sheet.
Web Service Security Cheat Sheet.
Server Side Request Forgery Prevention Cheat Sheet.
Cross-Site Request Forgery Prevention Cheat Sheet.
None.
Vulnerable Dependency Management Cheat Sheet.
Content Security Policy Cheat Sheet.
None.