OWASP ASVS – Level 3: Recommended for the most critical applications
Level 3 is typically reserved for applications that require significant levels of security verification. This could be applications found within areas of military, health and safety, critical infrastructure, etc.
Organizations may require ASVS Level 3 for applications that perform critical functions, where failure could significantly impact the organization’s operations, and even its survivability. An application achieves this level if it is adequately defended against all advanced security vulnerabilities, and it also demonstrates principles of good security design. Vulnerabilities at this level would most likely be exploited by determined attackers.
An application at ASVS Level 3 requires more in depth analysis, architecture, coding, and testing than all the other levels.