The application under test will be evaluated accordingly with the level of threat that it presents.

All the vulnerabilities found will be marked with one of the following risk types: Critical, High, Medium, Low or Informational.

A final report will be organized around the Application Security Verification Standard at the end of the security testing session. This report will include the status of each verification requirement and provide further details where appropriate.

This gives you and your stakeholders a good idea of where your application stands when measured by the standard and is extremely valuable on follow-up engagements because it allows you to see how security has improved or regressed over time.

Furthermore, stakeholders interested in how the application performed in a specific category or categories can easily find out that information because the report format aligns closely with the ASVS.