Thursday
Room 2
16:20 - 17:20
(UTC+01)
Talk (60 min)
What's New in ASVS V5
ASVS, one of the OWASP Foundation’s flagship projects, has been updated to its first major release since 2021. This update makes the standard easier to adopt while expanding its depth in areas that matter most to modern engineering teams and raising the bar for application security.
ASVS has been reorganized so related controls are easier to navigate and apply, and many requirements are now written in smaller, testable units. Its maturity levels have been rebalanced to make adoption easier. At the same time, v5 expands and clarifies guidance around topics such as modern authentication and API-driven, service-based architectures, reflecting how software is commonly designed and deployed today.
Version 5 combines easier adoption with greater depth in areas that are increasingly relevant to modern systems. In this session, we'll examine the structural changes, review some of the most meaningful content updates to the standard, and discuss what teams should revisit when upgrading from v4 or introducing ASVS for the first time.
Eden Yardeni
Eden Yardeni works in application security and is a contributor to OWASP projects, including ASVS v5. She previously worked as a full-stack developer and now focuses on defining and operationalizing application security standards across engineering teams.