Application Security Verification Standard 3.0.1
This standard is used to verify application security and provides a list of components that comply with security recommendations.
It focuses on standardizing functional and non-functional requirements essential when designing, developing, and testing web applications.
The standard also includes CWE (Common Weakness Enumeration), which helps to identify the probability and consequences of exploiting vulnerabilities, facilitating risk assessment, and implementing appropriate safeguards.
NIST Special Publication 800-115
Technical Guide to Information Security Testing and Assessment is a cyclically updated security testing method developed by the National Institute of Standards and Technology (NIST) in the United States.
This guide provides detailed guidance on conducting security testing and assessment of information systems.
Regular updates ensure alignment with the latest threats and technologies, making it an essential tool in assessing and protecting IT systems.