Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Web Application Security > OWASP > Flashcards

OWASP Flashcards

1
Q

What is the purpose of OWASP Application Security Verification Standard (ASVS)?

A

to provide:
* basis for testing web application technical security controls
* a list of requirements for secure development

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How should be OWASP Application Security Verification Standard (ASVS) used?

A
  • as a metric
    • provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications
  • as guidance
    • provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements
  • during procurement
    • provide a basis for specifying application security verification requirements in contracts
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the three different ASVS verification levels?

A
  1. ASVS Level 1 - low assurance levels, completely penetration testable
  2. ASVS Level 2 - for applications that contain sensitive data, which requires protection
  3. ASVS Level 3 - for the most critical applications; applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the recommended ASVS verification level for most apps?

A

ASVS Level 2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the only ASVS level that is completely penetration testable using humans?

A

Level 1; all others require access to documentation, source code, configuration, and the people involved in the development process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Is black box testing the preferable method of testing according to ASVS?

A

no, it is not an effective assurance activity and should be actively discouraged; black box testing does not provide enough assurance due to the lack of time of penetration testers, that security holes were patched after the development

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

According to ASVS, which 2 security testings are only possible to be done with human assistance?

A
  1. testing against business logic flaws
  2. access control testing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the best way of using ASVS?

A

use it as a blueprint to create a Secure Coding Checklist specific to the application being developed, platform or organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Web Application Security (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions