Beyond best practices: Using OWASP ASVS to bake security into your delivery pipeline for 2025
Summary
Version 5.0 of the OWASP Application Security Verification Standard (ASVS) is due for release later this year, and includes updates to reflect changes in technology and the threat landscape since the previous version.
ASVS provides a catalogue of testable requirements for secure development that can be integrated into code reviews, CI pipelines, and penetration tests.
The new release simplifies the scope by removing duplicate wording and incorporating guidance on cloud-native and serverless functionality and on software bills of materials (SBOMs).
It also refines the compliance framework, collapsing the previous four levels into three, with Level 1 deemed purely “informational,” and real compliance starting at Level 2.
The new release is intended to provide a more streamlined and future-proof approach to integrating security into the software development lifecycle (SDLC).