Application Security Verification Standard Makes Cloud Security Assessments Simpler Than Ever

Online PR News – 02-August-2021 – Centraleyes today announced that it has added the OWASP ASVS 4.0 framework to its cloud-based, cutting-edge cyber risk management platform. By gathering information from multiple sources and consolidating that data into a single pane of glass, the solution automates much of the repetitive manual tasks often involved in cybersecurity. Offering multiple security standards and frameworks, the Centraleyes platform is designed to evaluate different types of risk and compliance.

With the introduction of OWASP ASVS, customers are able to use the Centraleyes platform to launch security assessments of cloud-based apps in a matter of seconds. Software developers can use the platform to gain real-time insights into the security posture of the applications they are developing. The framework is also designed to serve as a baseline requirement that can be used during the procurement stage for software.

"Securing the enterprise has never been more challenging," says Yair Solow, CEO at Centraleyes. "With so many moving pieces, traditional security assessments are not enough. The addition of in-house developed applications with a heavy reliance on vendors, has created the need for a dedicated application assessment framework, that is capable of defining metrics by which all applications can be rapidly assessed OWASP ASVS is precisely that."

First published back in 2009, ASVS initially gained momentum through community involvement and feedback, with adoption growing increasingly widespread year over year. It features three implementation levels:

Level 1: Basic assurance, able to be completely assessed via penetration testing.
Level 2: The recommended level for most applications, particularly those that contain sensitive data and require a solid level of protection.
Level 3: For critical applications that perform highly-sensitive transactions that contain valuable, sensitive data that requires high levels of trust and data integrity, such as Protected Health Information.

OWASP ASVS Version 4.0, released in March 2019, introduced an updated indexing system which made it considerably easier to navigate and manage the framework. Hosted and shared openly on GitHub, the open-source framework is supported by hundreds of global chapters which together are comprised of tens of thousands of members. The latest version also features controls and reporting that enable it to comply fully with the NIST 800-63-3 Standard for Digital Identity Guidelines.

"Awareness and scrutiny around vendor and supply chain risk has been growing for some time, especially in the wake of high-profile attacks like SolarWinds and Kaseya," Solow continues. "Organizations are anxious to ensure the software they procure and develop is sufficiently protected. As always, our aim is to enable them to do exactly that, adjust to a world where solutions are ever-evolving, and the threats are right behind."