LFEL1004 - Final Exam references old Application Security Verification Standard (AVSV)

christian.schoen

Hello,

in the "Authentication and Authorization for Web/API (LFEL1004)" course in the final exam there is a question regarding the "Application Security Verification Standard" (AVSV). The question is referencing the old version 4.0.*, but the current version is 5.0.0 (as of May 2025).

An update of the question and/or the answers is needed.

Greetings,
Christian

dharmon

Hi @christian.schoen ,

Thank you for bringing this to our attention. I spoke with the author, and based on the updated ASVS v5.0, they provided a revised question. Here is the updated version:

Which OWASP ASVS v5.0 section focuses specifically on enforcing user roles and permissions?
A. V2: Identity
B. V8: Authorization
C. V6: Error Handling and Logging
D. V11: Malicious Code

The course has been updated to reflect this change.

Thank you again for helping us catch this.

Best,
David Harmon
Linux Foundation Education