per type of architectural component of a web app, and thus integrate it into the development lifecycle.
We suspect the ASVS is presented the way it is, exactly because security is an \emph{emergent property},
and thus security measures should not be regarded as attachments to respective components of an app.
per type of architectural component of a web app, and thus integrate it into the development lifecycle.
We suspect the ASVS is presented the way it is, exactly because security is an \emph{emergent property},
and thus security measures should not be regarded as attachments to respective components of an app.