Supplemental security components
Multiple layers and other security components comprise part of a complete application security program. It is crucial that a skilled AppSec engineer is aware of all of these security protocols and systems in place. We are going to explore a few of them in this section within the context of securing the cloud-native space, starting with OWASP’s flagship security guidelines for application security – ASVS.
OWASP ASVS
OWASP ASVS is a community-driven open source framework designed to help organizations assess the security of their web applications. The standard provides a checklist of security requirements that web applications should meet to ensure their security posture.
The framework is structured around three levels of increasing security coverage, with each level adding additional security controls. The levels are based on the sensitivity of the application and the data it handles, as well as the potential impact of a successful...