- Objective
- V1: Architecture, Design and Threat Modeling Requirements
- V1.1 Secure Software Development Lifecycle Requirements
- V1.2 Authentication Architectural Requirements
- V1.3 Session Management Architectural Requirements
- V1.4 Access Control Architectural Requirements
- V1.5 Input and Output Architectural Requirements
- V1.6 Cryptographic Architectural Requirements
- V1.7 Errors, Logging and Auditing Architectural Requirements
- V1.8 Data Protection and Privacy Architectural Requirements
- V1.9 Communications Architectural Requirements
- V1.10 Malicious Software Architectural Requirements
- V1.11 Business Logic Architectural Requirements
- V1.12 Secure File Upload Architectural Requirements
- V1.13 API Architectural Requirements
- V1.14 Configuration Architectural Requirements
- V2: Authentication Verification Requirements
- V2.1 Password Security Requirements
- V2.2 General Authenticator Requirements
- V2.3 Authenticator Lifecycle Requirements
- V2.4 Credential Storage Requirements
- V2.5 Credential Recovery Requirements
- V2.6 Look-up Secret Verifier Requirements
- V2.7 Out of Band Verifier Requirements
- V2.8 Single or Multi Factor One Time Verifier Requirements
- V2.9 Cryptographic Software and Devices Verifier Requirements
- V2.10 Service Authentication Requirements
- V3: Session Management Verification Requirements
- V3.1 Fundamental Session Management Requirements
- V3.2 Session Binding Requirements
- V3.3 Session Logout and Timeout Requirements
- V3.4 Cookie-based Session Management
- V3.5 Token-based Session Management
- V3.6 Re-authentication from a Federation or Assertion
- V3.7 Defenses Against Session Management Exploits
- V4: Access Control Verification Requirements
- V5: Validation, Sanitization and Encoding Verification Requirements
- V6: Stored Cryptography Verification Requirements
- V7: Error Handling and Logging Verification Requirements
- V8: Data Protection Verification Requirements
- V9: Communications Verification Requirements
- V10: Malicious Code Verification Requirements
- V11: Business Logic Verification Requirements
- V12: File and Resources Verification Requirements
- V13: API and Web Service Verification Requirements
- V14: Configuration Verification Requirements
The objective of this index is to help an OWASP Application Security Verification Standard (ASVS) user clearly identify which cheat sheets are useful for each section during his or her usage of the ASVS.
This index is based on the version 4.0.x of the ASVS.
Attack Surface Analysis Cheat Sheet
None.
None.
Cryptographic Storage Cheat Sheet
User Privacy Protection Cheat Sheet
Transport Layer Security Cheat Sheet
Third Party Javascript Management Cheat Sheet
None.
None.
Choosing and Using Security Questions Cheat Sheet
Credential Stuffing Prevention Cheat Sheet
Transport Layer Security Cheat Sheet
None.
Choosing and Using Security Questions Cheat Sheet
None.
None.
Cryptographic Storage Cheat Sheet
None.
None.
Session Management Cheat Sheet
Transport Layer Security Cheat Sheet
Session Management Cheat Sheet
Session Management Cheat Sheet
Cross-Site Request Forgery Prevention Cheat Sheet
JSON Web Token Cheat Sheet for Java
None.
Session Management Cheat Sheet
Transaction Authorization Cheat Sheet
Authorization Testing Automation
Insecure Direct Object Reference Prevention Cheat Sheet
Cross-Site Request Forgery Prevention Cheat Sheet
Authorization Testing Automation
Server Side Request Forgery Prevention Cheat Sheet
DOM based XSS Prevention Cheat Sheet
Unvalidated Redirects and Forwards Cheat Sheet
DOM based XSS Prevention Cheat Sheet
Injection Prevention Cheat Sheet
Injection Prevention Cheat Sheet in Java
LDAP Injection Prevention Cheat Sheet
OS Command Injection Defense Cheat Sheet
Protect File Upload Against Malicious File
Query Parameterization Cheat Sheet
SQL Injection Prevention Cheat Sheet
Unvalidated Redirects and Forwards Cheat Sheet
None.
User Privacy Protection Cheat Sheet
Cryptographic Storage Cheat Sheet
None.
None.
None.
None.
HTTP Strict Transport Security Cheat Sheet
Transport Layer Security Cheat Sheet
Transport Layer Security Cheat Sheet
Third Party Javascript Management Cheat Sheet
None.
Protect File Upload Against Malicious File
Protect File Upload Against Malicious File
Third Party Javascript Management Cheat Sheet
None.
None.
None.
Server Side Request Forgery Prevention Cheat Sheet
Unvalidated Redirects and Forwards Cheat Sheet
Web Service Security Cheat Sheet
Server Side Request Forgery Prevention Cheat Sheet
Cross-Site Request Forgery Prevention Cheat Sheet
Transport Layer Security Cheat Sheet
None.
Vulnerable Dependency Management Cheat Sheet
Content Security Policy Cheat Sheet
None.