In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this “in the wild”.

Segment Resources:

• Josh's personal website, https://joshcgrossman.com 
•  Josh's mastodon handle, https://infosec.exchange/@JoshCGrossman
• OWASP ASVS site, https://owasp.org/asvs
• More detailed talk about ASVS v4.0.3, https://www.youtube.com/watch?v=zqj4YuoAlcA
• The most recent, stable version of the standard (v4.0.3), https://github.com/OWASP/ASVS/tree/v4.0.3/4.0
• The “bleeding edge”/in-progress version, https://github.com/OWASP/ASVS/tree/master/5.0

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw232