OdellMoreno/asvs-security-review-skill

ASVS Security Review Skill

Codex skill for practical security reviews using OWASP ASVS 5.0. It maps findings to concrete ASVS requirement IDs and keeps output evidence-based.

What Is Included

  • SKILL.md: Skill instructions and review workflow
  • references/OWASP_Application_Security_Verification_Standard_5.0.0_en.flat.json: Bundled ASVS 5.0 dataset
  • references/asvs-v5-quick-map.md: Chapter and level quick reference
  • scripts/asvs_lookup.py: Requirement lookup helper

Install

Place this folder at:

$CODEX_HOME/skills/asvs-security-review

Use In Codex

Invoke it explicitly in your prompt:

Use $asvs-security-review.
Perform an ASVS 5.0 L1 review of this repo.
Map each finding to ASVS req IDs with file evidence and remediation.

Example focused prompt:

Use $asvs-security-review to review only auth/session/API code at L2.
Return high-risk findings first.

Example Prompt

[Screenshot: example prompt]

Sample Output

[Screenshot: sample output]

Optional Helper Script

The lookup script works out of the box using the bundled dataset:

scripts/asvs_lookup.py jwt --chapter V9 --limit 10
scripts/asvs_lookup.py csrf --chapter V3 --level 2 --limit 10

Override the data source with --data if needed:

scripts/asvs_lookup.py token --data /path/to/OWASP_Application_Security_Verification_Standard_5.0.0_en.flat.json

or set the ASVS5_FLAT_JSON environment variable:

ASVS5_FLAT_JSON=/path/to/OWASP_Application_Security_Verification_Standard_5.0.0_en.flat.json scripts/asvs_lookup.py token
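
The keyword/chapter/level/limit filtering shown above, together with the prompt's rule that each finding carries ASVS req IDs, file evidence and remediation, is illustrated below. This is an added example, not the repository's asvs_lookup.py: the record field names, requirement IDs and descriptions are constructed, and treating the level as a ceiling is an assumption.

```python
import json

# Constructed sample records. The field names, requirement IDs and descriptions
# are assumptions made for this example; they are not the bundled dataset's
# schema and not ASVS requirement text.
SAMPLE = json.loads("""[
 {"req_id": "V9.1.1", "chapter": "V9", "level": 1, "text": "Placeholder: JWT signature is verified before claims are used"},
 {"req_id": "V9.2.3", "chapter": "V9", "level": 2, "text": "Placeholder: JWT audience claim is checked"},
 {"req_id": "V9.2.4", "chapter": "V9", "level": 3, "text": "Placeholder: JWT key identifiers come from an allowlist"},
 {"req_id": "V3.5.1", "chapter": "V3", "level": 1, "text": "Placeholder: state-changing requests carry CSRF protection"}
]""")


def lookup(records, keyword, chapter=None, level=None, limit=10):
    """Filter by keyword, chapter and level, returning at most `limit` hits.

    Assumption: `level` is a ceiling, so level=2 returns L1 and L2 records.
    """
    needle = keyword.casefold()
    hits = []
    for rec in records:
        if chapter and rec["chapter"].casefold() != chapter.casefold():
            continue
        if level is not None and rec["level"] > level:
            continue
        if needle in rec["text"].casefold():
            hits.append(rec)
    return hits[:limit]


def check_finding(records, finding):
    """Return the problems that make a finding unverifiable (empty list = ok)."""
    known = {rec["req_id"] for rec in records}
    problems = [f"unknown requirement ID: {rid}"
                for rid in finding.get("req_ids", []) if rid not in known]
    if not finding.get("req_ids"):
        problems.append("no requirement ID cited")
    if not finding.get("file") or not finding.get("line"):
        problems.append("no file evidence")
    if not finding.get("remediation"):
        problems.append("no remediation")
    return problems


if __name__ == "__main__":
    for rec in lookup(SAMPLE, "jwt", chapter="V9", level=2):
        print(rec["req_id"], f"L{rec['level']}", rec["text"])
```

Running check_finding over a review's output before accepting it catches requirement IDs that do not exist in the dataset and findings that lack a file reference.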

About

Codex skill for OWASP ASVS 5.0 security reviews with control-mapped findings.
