Benchmarking Webshop Security: A Comprehensive Analysis Leveraging the OWASP ASVS
Pruthvi Vallabh Reddy Pullalarevu
Abstract
In the contemporary digital landscape, where web applications support critical business operations and personal interactions, robust security has become indispensable. The increasing sophistication of cyber threats necessitates rigorous and systematic testing to ensure web applications are free from exploitable vulnerabilities. To establish comprehensive and consistent security assessments, adherence to recognized industry standards is crucial. The core objective of the thesis is to assess the security level of a specific web application (a webshop) by using the ASVS as a comprehensive benchmarking tool. This thesis aims to examine the practical application of the ASVS in guiding the penetration testing process. By evaluating its utility in identifying a broad spectrum of vulnerabilities and its contribution to standardized reporting, this study seeks to demonstrate how the ASVS can enhance the depth and consistency of web application security assessments.
Keywords: Application Security Verification Standard (ASVS), Black box testing, Cybersecurity, E-Commerce, IT-Security, OWASP, Penetration testing