ASVS-Testing

Use the OWASP Application Security Verification Standard as a Guide for Automated Unit and Integration Tests

V1 Architecture, Design and Threat Modeling

This section cannot be tested automatically

V2 Authentication

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test
V2.1 Password Security	2.1.5, 2.1.6	ChangePasswordIntegrationTest	Integration Test
V2.1 Password Security	2.1.8, 2.1.11, 2.1.12	--	UI Test
V2.2 General Authenticator Security	2.1.8, 2.1.11, 2.1.12	--	UI Test
V2.3 Authenticator Lifecycle	2.1.8, 2.1.11, 2.1.12	--	UI Test
V2.4 Credential Storage	2.4.1, 2.4.2 2.4.4, 2.4.5	--	Integration Test
V2.5 Credential Recovery	2.5.1, 2.4.2 2.4.4, 2.4.5	--	Integration Test

V3 Session Management

Requirements Subsection	Requirement(s)	Test Class	Test Type
V3.1 Fundamental Session Management Security	3.1.1	--	Unit Test
V3.2 Session Binding	3.2.1, 3.2.2	--	Integration Test
V3.3 Session Termination	3.3.1 - 3.3.4	--	Integration Test

V4 Access Control

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V5 Validation, Sanitization and Encoding

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V6 Stored Cryptography

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V7 Error Handling and Logging

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V8 Data Protection

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V9 Communication

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V10 Malicious Code

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V11 Business Logic

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V12 Files and Resources

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V13 API and Web Service

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

V14 Configuration

Requirements Subsection	Requirement(s)	Test Class	Test Type
V2.1 Password Security	2.1.1, 2.1.2, 2.1.3 2.1.4, 2.1.7, 2.1.9	PasswordPolicyTest	Unit Test

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
.github/workflows		.github/workflows
gradle/wrapper		gradle/wrapper
sonarqube		sonarqube
src		src
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
build.gradle		build.gradle
gradlew		gradlew
gradlew.bat		gradlew.bat
settings.gradle		settings.gradle

License

andifalk/ASVS-Testing

Folders and files

Latest commit

History

Repository files navigation

ASVS-Testing

V1 Architecture, Design and Threat Modeling

V2 Authentication

V3 Session Management

V4 Access Control

V5 Validation, Sanitization and Encoding

V6 Stored Cryptography

V7 Error Handling and Logging

V8 Data Protection

V9 Communication

V10 Malicious Code

V11 Business Logic

V12 Files and Resources

V13 API and Web Service

V14 Configuration

About

Topics

Resources

License

Stars

Watchers

Forks

Languages