Skip to content

OWASP Developer Guide

Overview

OWASP Developer Guide

Introduction
Foundations
Foundations
Requirements
Requirements
Design
Design
- Overview
- Threat modeling
  Threat modeling
- Web application checklist
  Web application checklist
- MAS checklist
Implementation
Implementation
- Overview
- Documentation
  Documentation
- Dependencies
  Dependencies
- Secure Libraries
  Secure Libraries
  - Overview
  - ESAPI
  - CSRFGuard
  - OSHP
- MASWE
Verification
Verification
- Overview
- Guides
  Guides
  - Overview Overview
    Table of contents
    
    6.1 Verification guides
  - WSTG
  - MASTG
  - ASVS
- Tools
  Tools
  - Overview
  - DAST tools
  - Amass
  - OWTF
  - Nettacker
  - OSHP verification
- Frameworks
  Frameworks
  - Overview
  - secureCodeBox
- Vulnerability management
  Vulnerability management
  - Overview
  - DefectDojo
Training and Education
Training and Education
- Overview
- Vulnerable Applications
  Vulnerable Applications
- Secure Coding Dojo
- SKF education
- SamuraiWTF
- OWASP Top 10 project
- Mobile Top 10
- API Top 10
- WrongSecrets
- OWASP Snakes and Ladders
Culture building and Process maturing
Culture building and Process maturing
- Overview
- Security Culture
- Security Champions
  Security Champions
- SAMM
- ASVS process
- MAS process
Operations
Operations
Metrics
Metrics
- Overview
Security gap analysis
Security gap analysis
- Overview
- Guides
  Guides
- BLT
Appendices
Appendices
- Implementation Do's and Don'ts
  Implementation Do's and Don'ts
- Verification Do's and Don'ts
  Verification Do's and Don'ts

Overview

Developer guide logo

6.1 Verification guides

Verification is one of the business functions described by the OWASP SAMM. The verification activities are wide ranging, and will include:

Testing of security controls
Review of controls and security mechanisms
Evaluation and assessment of the security architecture
and others

Given the breadth of techniques and knowledge required, guides are an important resource for verification activities.

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue.