This checklist is based on the OWASP Application Security Verification Standard (ASVS), mapped to the OWASP Web Security Testing Guide (WSTG). The goal is to help developers, testers or security professionals test an application or service in a more organized way.
(excerpted from the ASVS repository, https://github.com/OWASP/ASVS)
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to provide an open application security standard for web apps and web services of all types.
The standard provides a basis for designing, building, and testing technical application security controls, including architectural concerns, secure development lifecycle, threat modelling, agile security including continuous integration / deployment, serverless, and configuration concerns.
(excerpted from the WSTG repository, https://github.com/OWASP/wstg)
The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of security professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.
OWASP Application Security Checklist for Testing
- ASVS VERSION: 4.0.1 - https://github.com/OWASP/ASVS/releases/tag/v4.0.1
- WSTG VERSION: 4.1 - https://owasp.org/www-project-web-security-testing-guide/v41/
- Original ASVS checklist spreadsheet - https://github.com/shenril/owasp-asvs-checklist