Security Assessment

Automatable Subset Only

This assessment checks controls that can be reliably verified through static code analysis.

What This Assessment Cannot Detect

Business logic flaws require manual review
Runtime behavior cannot be verified statically
Cryptographic strength requires runtime testing
Access control edge cases need penetration testing
Third-party service configurations are not verified

Recommendations for Full Compliance

Conduct periodic manual security reviews
Perform penetration testing annually
Review third-party dependencies regularly
Maintain security documentation

Understanding This Report

OWASP ASVS defines three verification levels with increasing security requirements:

          Level 1 (Baseline)
          50 controls - Basic security for all applications
        
          Level 2 (Standard)
          100 additional controls (cumulative) - For apps handling sensitive data
        
          Level 3 (Advanced)
          136 additional controls (cumulative) - For critical/high-risk applications

Coverage Visualization

236

L1 Checks (40) L2 Checks (19) Remaining L1 (10) Remaining L2/L3 (236)

What We Actually Check

This automated assessment covers 40 of 50 L1 controls (80%) and 19 of 100 L2 controls (19%). These are controls that can be reliably verified through static code analysis.

What The Pass Rate Means

The 84% pass rate shown above means 49 of our 58 automated checks passed. This is NOT 84% ASVS compliant. Full compliance requires manual review and penetration testing.