The OWASP Application Security Verification Standard (ASVS) provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
You can use the ASVS requirements with the following objectives in mind:
Any organisation that operates a website should consider using the ASVS. Within the ASVS there are three levels of compliance and website owners can triage their own application to determine which applies to them.
Depending on your own assessment of which ASVS security level applies to your applications, you will have a varying level of work to complete. For the latest version of ASVS, v5.0.0, released in 2025, we can help you with a wide selection of requirements.
These requirements are specifically aimed at tackling the growing threat of online attacks which cost organisations millions of dollars.
Achieving compliance with the ASVS requirements is designed to be a process where the minimum amount of effort gives the maximum amount of results, and there are specific requirements that we can make even easier.
The primary focus of the requirements that we can assist with is around the use of Content Security Policy, a powerful browser security mechanism designed to stop attacks where malicious code is injected into your website.
Here's a list of the requirements where we can directly assist, and there are many more where we can provide support too:
Implementing a strong Content Security Policy (CSP) directly supports ASVS 5.0.0 requirements by enforcing strict controls on what content can load, reducing exposure to XSS, Clickjacking, and other client‑side attacks. By blocking malicious scripts and flagging violations, CSP helps organizations mitigate risks before they escalate, protecting users and demonstrating proactive security governance.
To summarise, we have a selection of features and tools that will help you meet all these new OWASP ASVS 5.0.0 requirements, but please reach out to asvs@report-uri.com if you need more information.
We often find that creating a CSP is the first difficult step that organisations face. Having a complete list of all resource dependencies across your entire site like images, scripts or styles, from both 1st-party and 3rd-party locations, is tough to achieve.
The CSP Wizard was created to solve this problem, and in seven days or less, it can give you a complete list of all resources used across your entire site.
With the list of all resources you use on your site, and our easy-to-use tool, creating a viable Content Security Policy is easier than ever with just a few clicks.
All Content Security Policies will need to be tweaked at some point. New resources may be added to the site or old resources removed, and the policy needs to be updated to reflect those changes and kept up to date.
You can import your existing policy into the CSP Builder and use our fully featured tool to make any changes that you require right there in the UI. When you're done, hit Generate, and the CSP Builder will provide you with your new, updated policy.
Script Watch will monitor all JavaScript dependencies across your entire site and immediately notify you of any changes. A new JavaScript dependency could be the start of a Magecart attack.
Because Script Watch leverages the browser-native Content Security Policy, there is no code or agent to deploy, and running in the browser means we analyse your site in real time as your users are browsing. We don't have the same limitations as external scanning services, such as authentication or paywalls, geo-sensitive content, or an attacker potentially serving safe content to the crawler.
Data Watch will monitor all of the locations that your webpages are sending data to. If your website starts sending data to a new location, it could be the start of a Magecart attack.
With Script Watch and Data Watch combined, you can monitor for clear indicators that your site has been compromised. Attackers will always want to inject their hostile JavaScript, and they'll always want to exfiltrate their stolen data.
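As an added illustration (not Report URI's implementation), the detection idea above can be sketched over CSP violation reports: flag any script source or data destination that is not in a reviewed baseline. The baseline hosts, sample reports and function names are constructed for this example, and it assumes reports arrive in the legacy `report-uri` JSON format.

```python
import json
from urllib.parse import urlsplit

# Assumed baseline of reviewed hosts (constructed values).
KNOWN = {"script": {"example.com", "cdn.example.com"},
         "data": {"example.com", "api.example.com"}}

# Directives that reveal where script comes from and where data is sent.
KIND_BY_DIRECTIVE = {"script-src": "script", "script-src-elem": "script",
                     "connect-src": "data", "form-action": "data"}

def _sample(directive, blocked):
    # Build one constructed report in the legacy report-uri JSON shape.
    return json.dumps({"csp-report": {"document-uri": "https://example.com/checkout",
                                      "effective-directive": directive, "blocked-uri": blocked}})

SAMPLE_REPORTS = [
    _sample("script-src-elem", "https://cdn.example.com/app.js"),
    _sample("script-src-elem", "https://static.unknown-cdn.test/lib.js"),
    _sample("connect-src", "https://collect.unknown-sink.test/c"),
    _sample("img-src", "https://images.example.net/logo.png"),
    "not json",
    _sample("script-src-elem", "https://static.unknown-cdn.test/lib.js"),
]

def classify(raw):
    """Return (kind, host, page) if the report names an unreviewed host, else None."""
    try:
        body = json.loads(raw)["csp-report"]
        # Older browsers send only violated-directive, sometimes with its full value.
        directive = str(body.get("effective-directive") or body.get("violated-directive") or "-")
        kind = KIND_BY_DIRECTIVE.get(directive.split()[0])
        blocked = str(body.get("blocked-uri", ""))
        host = urlsplit(blocked).hostname or blocked  # "inline", "eval" have no host
    except (ValueError, KeyError, TypeError, AttributeError, IndexError):
        return None  # malformed input: the endpoint is public, so expect junk
    if kind is None or host in KNOWN[kind]:
        return None
    return kind, host, str(body.get("document-uri", ""))

def find_new_hosts(reports):
    """Return one alert per (kind, host), in first-seen order."""
    seen, alerts = set(), []
    for hit in filter(None, map(classify, reports)):
        if hit[:2] not in seen:
            seen.add(hit[:2])
            alerts.append(hit)
    return alerts
```

Calling `find_new_hosts(SAMPLE_REPORTS)` yields one alert for the unreviewed script host and one for the unreviewed data destination, each with the page that triggered it.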
Script Watch and Data Watch will allow you to rapidly detect and respond to a Magecart attack and combined, that capability puts you ahead of the field. If you want to take it a step further, Content Security Policy can mitigate a Magecart attack and stop it from even happening.
Deploying an effective Content Security Policy can be difficult, but our CSP Reporting allows you to gather feedback and safely test a policy before deployment. Once deployed, an effective Content Security Policy will block a Magecart attack and stop the hostile JavaScript from even running.
We subscribe to various feeds of Threat Intelligence data, along with managing our own internally generated feeds, to keep apprised of the latest threats that exist online.
Using this Threat Intelligence Data, we can better analyse the sources of JavaScript on your website and detect malicious activity sooner.
Our Certificate Transparency Monitoring service will allow you to easily monitor all certificates issued for your domains and inventory all the cryptographic keys used.
You can get started with Certificate Transparency Monitoring for free. It will only take a few clicks, and you can have it set up in less than 60 seconds!
We will monitor the Content Security Policy you have deployed on your site and notify you when it changes, including additions, deletions and modifications.
By closely monitoring the CSP you have deployed, we can ensure that you always have the correct protection in place for your visitors.