Skip to content

ASVS Index

Table of Contents

Objective

The objective of this index is to help an OWASP Application Security Verification Standard (ASVS) user clearly identify which cheat sheets are useful for each section during his or her usage of the ASVS.

This index is based on the version 4.0.x of the ASVS.

V1: Architecture, Design and Threat Modeling Requirements

V1.1 Secure Software Development Lifecycle Requirements

Threat Modeling Cheat Sheet

Abuse Case Cheat Sheet

Attack Surface Analysis Cheat Sheet

V1.2 Authentication Architectural Requirements

None.

V1.3 Session Management Architectural Requirements

None.

V1.4 Access Control Architectural Requirements

Docker Security Cheat Sheet

V1.5 Input and Output Architectural Requirements

Abuse Case Cheat Sheet

Deserialization Cheat Sheet

V1.6 Cryptographic Architectural Requirements

Cryptographic Storage Cheat Sheet

Key Management Cheat Sheet

V1.7 Errors, Logging and Auditing Architectural Requirements

Logging Cheat Sheet

V1.8 Data Protection and Privacy Architectural Requirements

Abuse Case Cheat Sheet

User Privacy Protection Cheat Sheet

V1.9 Communications Architectural Requirements

Transport Layer Security Cheat Sheet

V1.10 Malicious Software Architectural Requirements

Third Party Javascript Management Cheat Sheet

Virtual Patching Cheat Sheet

V1.11 Business Logic Architectural Requirements

Abuse Case Cheat Sheet

V1.12 Secure File Upload Architectural Requirements

None.

V1.13 API Architectural Requirements

REST Security Cheat Sheet

V1.14 Configuration Architectural Requirements

None.

V2: Authentication Verification Requirements

V2.1 Password Security Requirements

Choosing and Using Security Questions Cheat Sheet

Forgot Password Cheat Sheet

Credential Stuffing Prevention Cheat Sheet

V2.2 General Authenticator Requirements

Authentication Cheat Sheet

Transport Layer Security Cheat Sheet

V2.3 Authenticator Lifecycle Requirements

None.

V2.4 Credential Storage Requirements

Password Storage Cheat Sheet

V2.5 Credential Recovery Requirements

Choosing and Using Security Questions Cheat Sheet

Forgot Password Cheat Sheet

V2.6 Look-up Secret Verifier Requirements

None.

V2.7 Out of Band Verifier Requirements

Forgot Password Cheat Sheet

V2.8 Single or Multi Factor One Time Verifier Requirements

None.

V2.9 Cryptographic Software and Devices Verifier Requirements

Cryptographic Storage Cheat Sheet

Key Management Cheat Sheet

V2.10 Service Authentication Requirements

None.

V3: Session Management Verification Requirements

V3.1 Fundamental Session Management Requirements

None.

V3.2 Session Binding Requirements

Session Management Cheat Sheet

Transport Layer Security Cheat Sheet

V3.3 Session Logout and Timeout Requirements

Session Management Cheat Sheet

Session Management Cheat Sheet

Cross-Site Request Forgery Prevention Cheat Sheet

V3.5 Token-based Session Management

JSON Web Token Cheat Sheet for Java

REST Security Cheat Sheet

V3.6 Re-authentication from a Federation or Assertion

None.

V3.7 Defenses Against Session Management Exploits

Session Management Cheat Sheet

Transaction Authorization Cheat Sheet

V4: Access Control Verification Requirements

V4.1 General Access Control Design

Access Control Cheat Sheet

Authorization Testing Automation

V4.2 Operation Level Access Control

Insecure Direct Object Reference Prevention Cheat Sheet

Cross-Site Request Forgery Prevention Cheat Sheet

Authorization Testing Automation

V4.3 Other Access Control Considerations

REST Assessment Cheat Sheet Multifactor Authentication Cheat Sheet

V5: Validation, Sanitization and Encoding Verification Requirements

V5.1 Input Validation Requirements

Mass Assignment Cheat Sheet

Input Validation Cheat Sheet

V5.2 Sanitization and Sandboxing Requirements

Server Side Request Forgery Prevention Cheat Sheet

XSS Prevention Cheat Sheet

DOM based XSS Prevention Cheat Sheet

Unvalidated Redirects and Forwards Cheat Sheet

V5.3 Output encoding and Injection Prevention Requirements

XSS Prevention Cheat Sheet

DOM based XSS Prevention Cheat Sheet

HTML5 Security Cheat Sheet

Injection Prevention Cheat Sheet

Injection Prevention Cheat Sheet in Java

Input Validation Cheat Sheet

LDAP Injection Prevention Cheat Sheet

OS Command Injection Defense Cheat Sheet

Protect File Upload Against Malicious File

Query Parameterization Cheat Sheet

SQL Injection Prevention Cheat Sheet

Unvalidated Redirects and Forwards Cheat Sheet

Bean Validation Cheat Sheet

XXE Prevention Cheat Sheet

XML Security Cheat Sheet

V5.4 Memory, String, and Unmanaged Code Requirements

None.

V5.5 Deserialization Prevention Requirements

Deserialization Cheat Sheet

XXE Prevention Cheat Sheet

XML Security Cheat Sheet

V6: Stored Cryptography Verification Requirements

V6.1 Data Classification

Abuse Case Cheat Sheet

User Privacy Protection Cheat Sheet

V6.2 Algorithms

Cryptographic Storage Cheat Sheet

Key Management Cheat Sheet

V6.3 Random Values

None.

V6.4 Secret Management

Key Management Cheat Sheet

V7: Error Handling and Logging Verification Requirements

V7.1 Log Content Requirements

Logging Cheat Sheet

V7.2 Log Processing Requirements

Logging Cheat Sheet

V7.3 Log Protection Requirements

Logging Cheat Sheet

V7.4 Error Handling

Error Handling Cheat Sheet

V8: Data Protection Verification Requirements

V8.1 General Data Protection

None.

V8.2 Client-side Data Protection

None.

V8.3 Sensitive Private Data

None.

V9: Communications Verification Requirements

V9.1 Communications Security Requirements

HTTP Strict Transport Security Cheat Sheet

Transport Layer Security Cheat Sheet

V9.2 Server Communications Security Requirements

Transport Layer Security Cheat Sheet

V10: Malicious Code Verification Requirements

V10.1 Code Integrity Controls

Third Party Javascript Management Cheat Sheet

None.

V10.3 Deployed Application Integrity Controls

Docker Security Cheat Sheet

V11: Business Logic Verification Requirements

V11.1 Business Logic Security Requirements

Abuse Case Cheat Sheet

V12: File and Resources Verification Requirements

V12.1 File Upload Requirements

Protect File Upload Against Malicious File

V12.2 File Integrity Requirements

Protect File Upload Against Malicious File

Third Party Javascript Management Cheat Sheet

V12.3 File execution Requirements

None.

V12.4 File Storage Requirements

None.

V12.5 File Download Requirements

None.

V12.6 SSRF Protection Requirements

Server Side Request Forgery Prevention Cheat Sheet

Unvalidated Redirects and Forwards Cheat Sheet

V13: API and Web Service Verification Requirements

V13.1 Generic Web Service Security Verification Requirements

Web Service Security Cheat Sheet

Server Side Request Forgery Prevention Cheat Sheet

V13.2 RESTful Web Service Verification Requirements

REST Assessment Cheat Sheet

REST Security Cheat Sheet

Cross-Site Request Forgery Prevention Cheat Sheet

Transport Layer Security Cheat Sheet

V13.3 SOAP Web Service Verification Requirements

XML Security Cheat Sheet

V13.4 GraphQL and other Web Service Data Layer Security Requirements

None.

V14: Configuration Verification Requirements

V14.1 Build

Docker Security Cheat Sheet

V14.2 Dependency

Docker Security Cheat Sheet

Vulnerable Dependency Management Cheat Sheet

V14.3 Unintended Security Disclosure Requirements

Error Handling Cheat Sheet

V14.4 HTTP Security Headers Requirements

Content Security Policy Cheat Sheet

V14.5 Validate HTTP Request Header Requirements

None.