CREST and OWASP Partner on Verification Standard Program

Cybersecurity-focused non-profit CREST has partnered up with the Open Web Application Security Project (OWASP) to release the OWASP Verification Standard (OVS).

The move aims to provide mobile and web app developers with enhanced security assurance and accredited organizations with improved access to the app development industry.

“Both CREST and OWASP are non-profit organizations and we share a vision of increasing collaboration and open standards across the industry to build and maintain global cyber security standards,” commented CREST president Rowland Johnson.

From a technical standpoint, CREST OVS exists to assess an organization’s ability to execute and deliver assessments related to both Level 1 and Level 2 of the OWASP Application Security Verification Standard (ASVS) and OWASP Mobile Application Security Verification Standard (MASVS).

“This is a positive move for worldwide corporate and government adoption of the ASVS and MASVS projects,” said Andrew van der Stock, executive director of the OWASP Foundation.

“While the OWASP Top 10 risks project has built vital awareness of the importance of application security, I am excited to see the move towards using standards such as ASVS and MASVS to help organizations improve their application security in a structured and comprehensive way.”

For context, both initiatives have been developed by the technical AppSec community to create an open-source framework of security requirements for mobile and web applications.

Now, with CREST OVS, the organizations are establishing new standards in application security to provide the buyers of application security assessment services with the highest level of assurance.

“The program has a series of explicit requirements that are designed to assess and harness the capabilities of an organization, along with the skills and competencies of its individual security testers,” Johnson concluded.

A full list of requisites for the program and details on how to apply are available on CREST’s website.

The publication of the new standard comes roughly a year after CREST appointed Johnson as its new President.

Source

Cybersecurity-focused non-profit CREST has partnered up with the Open Web Application Security Project (OWASP) to release the OWASP Verification Standard (OVS).

The move aims to provide mobile and web app developers with enhanced security assurance and accredited organizations with improved access to the app development industry.

“Both CREST and OWASP are non-profit organizations and we share a vision of increasing collaboration and open standards across the industry to build and maintain global cyber security standards,” commented CREST president Rowland Johnson.

From a technical standpoint, CREST OVS exists to assess an organization’s ability to execute and deliver assessments related to both Level 1 and Level 2 of the OWASP Application Security Verification Standard (ASVS) and OWASP Mobile Application Security Verification Standard (MASVS).

“This is a positive move for worldwide corporate and government adoption of the ASVS and MASVS projects,” said Andrew van der Stock, executive director of the OWASP Foundation.

“While the OWASP Top 10 risks project has built vital awareness of the importance of application security, I am excited to see the move towards using standards such as ASVS and MASVS to help organizations improve their application security in a structured and comprehensive way.”

For context, both initiatives have been developed by the technical AppSec community to create an open-source framework of security requirements for mobile and web applications.

Now, with CREST OVS, the organizations are establishing new standards in application security to provide the buyers of application security assessment services with the highest level of assurance.

“The program has a series of explicit requirements that are designed to assess and harness the capabilities of an organization, along with the skills and competencies of its individual security testers,” Johnson concluded.

A full list of requisites for the program and details on how to apply are available on CREST’s website.

The publication of the new standard comes roughly a year after CREST appointed Johnson as its new President.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

A series of vulnerabilities on the popular asset management platform Device42 could be exploited to give attackers full root access to the system, according...

Top 5 best backup practices

Give yourself peace of mind by implementing a new backup strategy with our tips....

Indian Power Sector targeted with latest LockBit 3.0 variant

Estimated reading time: 5 minutesAfter the infamous Conti ransomware group was disbanded, its former members began to target the energy and power sectors...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!