Today’s data privacy and data protection regulations focus on measures to ensure businesses are taking appropriate steps to safeguard the sensitive data that lives on digital assets. While the list of available industry frameworks, standards and guidelines seems endless, all are fundamentally designed to give individuals greater control over their own data privacy, help businesses harden data management policies and procedures, and hold companies accountable as custodians of personal data.
The OWASP Foundation is a non-profit organization working to improve software security through community-led, open-source software projects. The Foundation has hundreds of global chapters and tens of thousands of members. The OWASP Application Security Verification Standard (ASVS) Project provides security standards for software and web application developers and designers.
For years, the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) has anchored web application and software development security standards, but the severity of supply chain attacks and greater attention from industry regulators make alignment to the ASVS more important than ever.
This past March, the Biden-Harris Administration released its National Cybersecurity Strategy in response to rampant cyber-attacks and supply chain risk. The strategy’s larger goal is to drive intentional, coordinated, and well-resourced cyber defense through significant focus on secure development practices that better promote and protect personal data privacy and security.
Greater government and regulatory focus means there is more pressure to adhere to data privacy and data protection protocols and standards, and more benefit in doing so. OWASP’s ASVS is an essential standard that, when appropriately applied, supports compliance with broader data governance requirements.
What you need to know about OWASP
OWASP’s ASVS outlines a comprehensive set of requirements that provide organizations with guidance on how they should secure web applications against cyber-attacks and other malicious activities. Teams should be aware of the steps they can take to ensure appropriate alignment with ASVS recommendations, such as making sure applications are properly scanned, having staff trained on up-to-date best practices around building secure systems, and regularly testing environment configurations against known threats.