OWASP ASVS

The Application Security Verification Standard (ASVS) is a standard developed by OWASP that defines levels of security verification for applications. At Haxoris, we use ASVS as a framework for penetration testing of web and mobile applications.

The ASVS standard is divided into three levels – from basic security to advanced requirements for critical systems:

  • Level 1: Basic security level suitable for public applications without sensitive data.
  • Level 2: Standard level for applications that process personal or internal data.
  • Level 3: The highest level of security intended for high-risk applications – e.g., in healthcare, finance, or critical infrastructure.

When do we use ASVS?

We use ASVS primarily during penetration tests of applications that require compliance with regulations such as GDPR, PCI-DSS, or NIS2. Thanks to its tiered structure, we can tailor the scope of testing based on the risk level of the environment.

  • During development of internal tools for processing sensitive data
  • For applications with multi-level authentication and authorization
  • When testing applications deployed in regulated sectors

Benefits of using OWASP ASVS

  • Clearly defined security goals for each type of application
  • Ability to tailor testing based on criticality
  • Suitable for both DevSecOps and manual testing
  • Globally recognized framework used by professionals
