OWASP 2025 Global AppSec EU

Formally announcing v5.0 of the Application Security Verification Standard (ASVS), the first major release in five years of one of OWASP’s flagship projects. But the project has not been sitting idle for years, it has been under development the entire time.

This talk will cover the big changes and improvements in this recently released version.

This includes:
- Defining and clarifying the scope of the ASVS, and expectations for requirements.
- Mandating documented security decisions to provide some flexibility on implementing and verifying security requirements, to match the differences between organizations and applications.
- Adding several new chapters and making important changes to existing chapters.
- Providing a two-way mapping to make it easier to migrate from v4.x to v5.
- Balancing the levels and reducing the barrier to entry into Level 1.

We will also talk about how you can use the standard more effectively in your organizations, the future plans for ASVS now that version 5.0 is out, and how you can be involved.

It’s time to move forward - start using ASVS v5.0 and come on board to develop it further.