2018 OWASP ASVS level 3 certified

Praetorian benchmarked the security posture of BullPay’s Crowdfunding Platform against OWASP Application Security Verification Standard (ASVS) Level 3: Advanced.


Advanced product security evaluation
performed by independent experts, Praetorian

Praetorian certifies that the application meets the requirements of OWASP ASVS Level 3 and has adequate security controls in place to defend against advanced application security vulnerabilities, and also demonstrates principles of good security design.

OWASP ASVS is a list of application security requirements or tests. Evaluation ratings compare information gathered during the course of the engagement to the OWASP ASVS version 3.11 criteria for security standards.

Grading report card

The grade below is a representation of the BullPay Crypto Acceptance Platform’s current, post-remediation security posture. Praetorian calculates grades based on the “Existing Vulnerability Measure” (EVM) formula described in the reference below. EVM is used to quantify the collective risk of the findings identified during this assessment. The letter grade leverages EVM to benchmark risk posture against Praetorian’s client-base.

Product Security Grade
BullPay Crowdfunding Platform Excellent A
Grade Security Criteria Description
A Excellent The EVM of the assessed components placed within the top 5-10% of Praetorian’s client base. The overall security posture was found to be excellent with a minimal amount of low and informational risk findings identified.
B Good The EVM of the assessed components was above average when benchmarked against Praetorian’s client-base. Only a handful of low/informational risk shortcomings were identified in the testing time period.
C Fair The EVM of the assessed components was aligned closely to the average EVM of Praetorian’s client-base. The current solutions protect some areas of the target from security issues, but moderate changes are required to elevate the discussed area to acceptable standards.
D Poor The EVM of the assessed components fell below the average EVM, with significant security deficiencies present. Immediate attention should be given to the discussed issues to address exposure identified.
F Inadequate Serious security deficiencies were present in the assessed components and the EVM placed within the bottom 5-10% of Praetorian’s client-base. Shortcomings were identified throughout most of the security controls examined and improved security will require significant resources.
(1) OWASP Application Security Verification Standard
(2) ACM Digital Library