Why I'm Translating OWASP's Security Standard Into Panjabi — And Why It Matters
What happens when 130 million speakers can finally read the security requirements their applications need to meet?
Executive Summary: The OWASP Application Security Verification Standard (ASVS) 5.0 — the global benchmark for application security requirements — now has its first-ever Panjabi translation underway. Using a bilingual English/Gurmukhi format with a 100+ term security glossary, this open-source project (PR #3254) makes 350 security requirements accessible to Panjabi-speaking developers and security professionals worldwide. Phase A is complete. Reviewers needed — no GitHub experience required.
There are over 130 million Panjabi speakers worldwide. Until now, none of them could read the OWASP Application Security Verification Standard in their own language.
That changes with PR #3254.
The Gap Nobody Talks About
OWASP ASVS 5.0 is the gold standard for application security requirements — 350 requirements across 17 chapters that architects, developers, and security teams use to build and verify secure software. It's been translated into Turkish, Russian, French, Korean, Spanish, and Chinese.
But not into Panjabi. As of this writing, no completed ASVS translation exists in any South Asian language — not Hindi, Urdu, Bengali, Tamil, or Panjabi.
This isn't just a language gap. It's a security gap. Panjabi-speaking developers across India, Pakistan, Canada, the UK, and the US are building applications that serve millions. They deserve security guidance they can read without a language barrier sitting between them and the requirements they need to implement.
What Makes This Translation Different
Most translations replace English with the target language entirely. I took a different approach: every section is bilingual. English first, Panjabi immediately below.
Here's why. Security terminology is precise. "Authentication" and "authorization" are not interchangeable, and neither are their Panjabi equivalents. A bilingual format lets a developer read the Panjabi for comprehension and cross-reference the English for technical precision. No ambiguity. No guessing.
## Copyright and License
## ਕਾਪੀਰਾਈਟ ਅਤੇ ਲਾਇਸੈਂਸ
This document is released under the Creative Commons
Attribution-ShareAlike 4.0 International License.
ਇਹ ਦਸਤਾਵੇਜ਼ ਕਰੀਏਟਿਵ ਕਾਮਨਜ਼ ਐਟਰੀਬਿਊਸ਼ਨ-ਸ਼ੇਅਰਅਲਾਈਕ ੪.੦
ਅੰਤਰਰਾਸ਼ਟਰੀ ਲਾਇਸੈਂਸ ਅਧੀਨ ਜਾਰੀ ਕੀਤਾ ਗਿਆ ਹੈ.
Notice the Gurmukhi numerals — ੪.੦ instead of 4.0. These details matter. They signal that this isn't a machine-translated afterthought. It's a deliberate effort to honor the script and the community it serves.
The Terminology Problem (And How We Solved It)
How do you translate "SQL Injection" into Panjabi? You don't — at least not entirely. Security has its own lingua franca, and forcing every term into translation creates more confusion than clarity.
We built a glossary of 100+ security terms, each classified into one of four categories:
| Category | When to Use | Example |
|---|---|---|
| Translated (T) | Concept has a natural Panjabi equivalent | Authentication → ਪ੍ਰਮਾਣੀਕਰਨ |
| Loan Word (L) | Term is universally used in English | API → ਏ.ਪੀ.ਆਈ. |
| Retained (R) | Acronym or proper noun | OWASP, SQL, XSS |
| Hybrid (H) | Part translates, part stays | SQL Injection → SQL ਇੰਜੈਕਸ਼ਨ |
This T/L/R/H system came from spending real time with the source material and asking a practical question: if a Panjabi-speaking developer reads this term in a code review, which version will they actually recognize?
The answer varies by term, and that's the point. "Verification" becomes ਤਸਦੀਕ (tasdeeq) because Panjabi has a rich word for it. "CSRF" stays as CSRF because no translation improves on the acronym every developer already knows.
Complete Security Terminology Glossary
Below is the working glossary for the OWASP ASVS 5.0 Panjabi translation. Each term includes the Gurmukhi translation, romanization, and its T/L/R/H classification. I'm actively seeking feedback on these choices — scroll down to the feedback section to suggest changes.
Core ASVS Terms
| English | Panjabi (ਪੰਜਾਬੀ) | Romanization | Type | Context |
|---|---|---|---|---|
| Application | ਐਪਲੀਕੇਸ਼ਨ | aiplicaishan | L | Software application |
| Security | ਸੁਰੱਖਿਆ | surakkhiā | T | Protection, safety |
| Verification | ਤਸਦੀਕ | tasdeeq | T | Validation, confirmation |
| Standard | ਮਿਆਰ | miyār | T | Benchmark, criterion |
| Requirement | ਲੋੜ | loṛ | T | Need, specification |
| Architecture | ਆਰਕੀਟੈਕਚਰ | ārkīṭaikchar | L | System design |
| Framework | ਫਰੇਮਵਰਕ | pharaimvarak | L | Structural foundation |
| Compliance | ਪਾਲਣਾ | pālṇā | T | Adherence to rules |
| Assessment | ਮੁਲਾਂਕਣ | mulāṅkaṇ | T | Evaluation |
| Implementation | ਲਾਗੂਕਰਨ / ਅਮਲ | lāgūkaraṇ / amal | T | Putting into practice (under review) |
Authentication & Authorization
| English | Panjabi (ਪੰਜਾਬੀ) | Romanization | Type | Context |
|---|---|---|---|---|
| Authentication | ਪ੍ਰਮਾਣੀਕਰਨ | pramāṇīkaraṇ | T | Identity verification |
| Authorization | ਅਧਿਕਾਰੀਕਰਨ | adhikārīkaraṇ | T | Permission granting |
| Session Management | ਸੈਸ਼ਨ ਪ੍ਰਬੰਧਨ | saishan prabandhan | H | Session handling |
| Access Control | ਪਹੁੰਚ ਨਿਯੰਤਰਣ | pahuṅch niyaṅtraṇ | T | Permission management |
| Credential | ਕ੍ਰੈਡੈਂਸ਼ੀਅਲ | kraiḍainsheeal | L | Login information |
| Password | ਪਾਸਵਰਡ | pāsvaraḍ | L | Secret passphrase |
| Multi-Factor Authentication | ਬਹੁ-ਕਾਰਕ ਪ੍ਰਮਾਣੀਕਰਨ | bahu-kārak pramāṇīkaraṇ | H | MFA |
| Token | ਟੋਕਨ | ṭokan | L | Authentication token |
| OAuth | OAuth | — | R | Authorization protocol |
| Single Sign-On | ਸਿੰਗਲ ਸਾਈਨ-ਆਨ | siṅgal sāīn-ān | L | SSO |
Vulnerabilities & Threats
| English | Panjabi (ਪੰਜਾਬੀ) | Romanization | Type | Context |
|---|---|---|---|---|
| Vulnerability | ਕਮਜ਼ੋਰੀ | kamzorī | T | Security weakness |
| Threat | ਖ਼ਤਰਾ | khatrā | T | Potential danger |
| Risk | ਖ਼ਤਰਾ/ਜੋਖ਼ਮ | khatrā/jokham | T | Probability of harm |
| Exploit | ਐਕਸਪਲੋਇਟ | aiksploiṭ | L | Attack technique |
| Attack Surface | ਹਮਲੇ ਦੀ ਸਤ੍ਹਾ | hamlai dī sathā | T | Exposure area |
| Threat Modeling | ਖ਼ਤਰਾ ਮਾਡਲਿੰਗ | khatrā māḍliṅg | H | Threat analysis |
| Injection | ਇੰਜੈਕਸ਼ਨ | iṅjaikshan | L | Code injection class |
| SQL Injection | SQL ਇੰਜੈਕਸ਼ਨ | SQL iṅjaikshan | H | Database attack |
| Cross-Site Scripting (XSS) | XSS | — | R | Client-side injection |
| Cross-Site Request Forgery (CSRF) | CSRF | — | R | Request forgery |
| Path Traversal | ਪਾਥ ਟਰੈਵਰਸਲ | pāth ṭraivarsaḷ | L | Directory traversal |
| Command Injection | ਕਮਾਂਡ ਇੰਜੈਕਸ਼ਨ | kamāṅḍ iṅjaikshan | H | OS command attack |
| XML External Entity (XXE) | XML ਬਾਹਰੀ ਇਕਾਈ | XML bāhrī ikāī | H | XML parser attack |
| Server-Side Request Forgery (SSRF) | SSRF | — | R | Server request attack |
| Template Injection | ਟੈਂਪਲੇਟ ਇੰਜੈਕਸ਼ਨ | ṭaimpḷaiṭ iṅjaikshan | H | Template engine attack |
Cryptography & Data Protection
| English | Panjabi (ਪੰਜਾਬੀ) | Romanization | Type | Context |
|---|---|---|---|---|
| Encryption | ਇਨਕ੍ਰਿਪਸ਼ਨ | inkripashan | L | Data encoding |
| Decryption | ਡੀਕ੍ਰਿਪਸ਼ਨ | ḍīkripashan | L | Data decoding |
| Hashing | ਹੈਸ਼ਿੰਗ | haishiṅg | L | One-way function |
| Certificate | ਸਰਟੀਫਿਕੇਟ | sarṭīphikaiṭ | L | Digital certificate |
| Key Management | ਕੁੰਜੀ ਪ੍ਰਬੰਧਨ | kuṅjī prabandhhan | H | Crypto key handling |
| Data Protection | ਡੇਟਾ ਸੁਰੱਖਿਆ | ḍaiṭā surakkhiā | H | Information security |
| Sensitive Data | ਸੰਵੇਦਨਸ਼ੀਲ ਡੇਟਾ | saṅvaidanshaīl ḍaiṭā | H | Protected information |
Development & Testing
| English | Panjabi (ਪੰਜਾਬੀ) | Romanization | Type | Context |
|---|---|---|---|---|
| Secure Development | ਸੁਰੱਖਿਅਤ ਵਿਕਾਸ | surakhiat vikās | T | Secure SDLC |
| Code Review | ਕੋਡ ਸਮੀਖਿਆ | koḍ samīkhiā | H | Code inspection |
| Penetration Testing | ਪੈਨੀਟ੍ਰੇਸ਼ਨ ਟੈਸਟਿੰਗ | painīṭraishan ṭaisṭiṅg | L | Security testing |
| Static Analysis | ਸਥਿਰ ਵਿਸ਼ਲੇਸ਼ਣ | sthir vishlaishaṇ | T | SAST |
| Dynamic Analysis | ਗਤੀਸ਼ੀਲ ਵਿਸ਼ਲੇਸ਼ਣ | gatīshīl vishlaishaṇ | T | DAST |
| Input Validation | ਇਨਪੁੱਟ ਪ੍ਰਮਾਣਿਕਤਾ | inpuṭṭ pramāṇiktā | H | Data validation |
| Output Encoding | ਆਊਟਪੁੱਟ ਇੰਕੋਡਿੰਗ | āūṭpuṭṭ iṅkoḍiṅg | H | Data encoding |
| Sanitization | ਸੈਨੀਟਾਈਜ਼ੇਸ਼ਨ | sainīṭāīzaishan | L | Data cleaning |
| Error Handling | ਗਲਤੀ ਸੰਭਾਲ | galtī saṅbhāl | T | Exception management |
| Logging | ਲਾਗਿੰਗ | lāgiṅg | L | Event recording |
Infrastructure & Configuration
| English | Panjabi (ਪੰਜਾਬੀ) | Romanization | Type | Context |
|---|---|---|---|---|
| Configuration | ਸੰਰਚਨਾ | saṅrachnā | T | System settings |
| API | ਏ.ਪੀ.ਆਈ. | ai.pī.āī. | L | Application interface |
| Web Service | ਵੈੱਬ ਸੇਵਾ | vaib saivā | H | Network service |
| Firewall | ਫਾਇਰਵਾਲ | phāiarvāl | L | Network barrier |
| Malicious Code | ਖ਼ਤਰਨਾਕ ਕੋਡ | khatarnāk koḍ | H | Malware |
| File Upload | ਫਾਈਲ ਅੱਪਲੋਡ | phāīl apploḍ | L | File handling |
| Business Logic | ਕਾਰੋਬਾਰੀ ਤਰਕ | kārobārī tarak | T | Application logic |
Governance & Process
| English | Panjabi (ਪੰਜਾਬੀ) | Romanization | Type | Context |
|---|---|---|---|---|
| Policy | ਨੀਤੀ | nītī | T | Governance rule |
| Audit | ਆਡਿਟ | āḍiṭ | L | Formal examination |
| Incident Response | ਘਟਨਾ ਜਵਾਬ | ghaṭnā javāb | T | Security response |
| Documentation | ਦਸਤਾਵੇਜ਼ੀਕਰਨ | dastavaikzīkaraṇ | T | Written records |
| Traceability | ਟਰੇਸੇਬਿਲਟੀ | ṭraisaibilṭī | L | Audit trail |
| Remediation | ਸੁਧਾਰ | sudhār | T | Fixing issues |
ASVS Levels
| English | Panjabi (ਪੰਜਾਬੀ) | Romanization | Context |
|---|---|---|---|
| Level 1 | ਪੱਧਰ ੧ | paddhar 1 | Initial defense layer |
| Level 2 | ਪੱਧਰ ੨ | paddhar 2 | Standard security practices |
| Level 3 | ਪੱਧਰ ੩ | paddhar 3 | High-assurance requirements |
Why "Panjabi" and Not "Punjabi"
A deliberate choice. "Panjabi" follows the romanization used by Sikhri.org, the Panjab Digital Library, and academic institutions that work with Gurmukhi text. "Punjab" is an anglicization; "Panjab" and "Panjabi" are closer to the original ਪੰਜਾਬੀ pronunciation. Since this project is fundamentally about linguistic authenticity, the spelling should reflect that.
For terminology validation, we cross-reference against the Punjabi University English-Punjabi Dictionary (ਪੰਜਾਬੀ ਯੂਨੀਵਰਸਿਟੀ ਅੰਗਰੇਜ਼ੀ-ਪੰਜਾਬੀ ਕੋਸ਼), published by Punjabi University Patiala — first edition 1968, with subsequent editions through 2002 (ISBN 81-7380-095-2). This is the authoritative English-to-Panjabi reference work, and its entries for terms like "authentication" (ਪ੍ਰਮਾਣੀਕਰਨ, ਤਸਦੀਕ), "authorization" (ਅਧਿਕਾਰ ਸੌਂਪਣ ਦਾ ਕਾਰਜ), "access" (ਪਹੁੰਚ, ਰਸਾਈ, ਪਰਵੇਸ਼), and "implement" (ਅਮਲ ਵਿਚ ਲਿਆਉਣਾ, ਪੂਰਾ ਕਰਨਾ) directly informed our glossary choices.
A major inspiration for this glossary work is Sikhri's Guru Granth Sahib Dictionary. The Guru Granth Sahib is the eternal Guru and the supreme guiding authority for Sikhs — containing the divine utterances of six Gurus, three Sikhs, fifteen saints representing various religious traditions, and eleven poets from the Gurus' courts, all written in Gurmukhi, a script institutionalized by Guru Angad Sahib. Sikhri's dictionary project makes this sacred Gurmukhi text searchable, accessible, and precise for a global audience. Their approach to preserving linguistic authenticity while building for digital usability directly influenced how we structured our security terminology glossary. If the Guru Granth Sahib can be made digitally accessible with this level of care and reverence, a modern security standard certainly deserves the same intentionality.
What's Done, What's Next
Phase A is complete and live in PR #3254:
- Bilingual title page with full project credits
- Bilingual introduction covering ASVS 5.0 principles, levels, and scope
- 100+ term security glossary with Gurmukhi translations and romanization
- Translation notes with QA checklist and terminology decision log
- Peer review plan for security researchers
Phase B (March–April 2026) targets the core chapters: Architecture & Threat Modeling, Authentication, Session Management, and Access Control.
Phase C (May–July 2026) covers the remaining 13 security requirement chapters — everything from Cryptography to OAuth/OIDC.
Phase D (August 2026) is appendices, final QA, PDF generation, and a 4-week community review window.
The Bigger Picture: Digital Seva
In Sikh philosophy, seva means selfless service. Digital Seva is the same principle applied to technology — the idea that technical knowledge shouldn't be gatekept behind language barriers, institutional access, or cultural assumptions about who "belongs" in security.
This translation is one piece of a larger effort to make security knowledge genuinely accessible. Not "accessible" in the way a 40-page English PDF is technically available to download anywhere in the world. Accessible in the way that a Panjabi-speaking developer anywhere in the world can read a security requirement in their own script and immediately understand what their code needs to do.
Help Review This Translation
I need reviewers, and I've made it as easy as possible — no GitHub account or PR experience required.
Option 1: Email Me Directly (Easiest)
See a term that should be translated differently? Spot a Gurmukhi error? Just email gurvinder@securityleader.ai with the subject line "ASVS Panjabi Review". Even a one-line note like "I think ਕਮਜ਼ੋਰੀ works better as ਖ਼ਾਮੀ for Vulnerability" is valuable.
Option 2: GitHub PR Review (For the Git-comfortable)
Open PR #3254, click "Files changed," and leave inline comments on any file in 5.0/pa-IN/.
What Reviewers Should Focus On
You don't need to be both a Panjabi speaker AND a security expert — either qualification helps:
- Panjabi speakers: Does the translation read naturally, or does it feel like a forced word-for-word conversion? Are there better Gurmukhi equivalents for any term?
- Security researchers: Is the English source meaning preserved? Do any translations introduce ambiguity that could affect a developer's implementation?
- Gurmukhi linguists: Any Devanagari script contamination? Proper vowel signs (ਮਾਤਰਾ)? Clean Unicode?
Open Terminology Questions
These specific terms need community input:
| English | Current Choice | Alternative | Your Preference? |
|---|---|---|---|
| Verification | ਤਸਦੀਕ (tasdeeq) | ਪੜਤਾਲ (paṛtāl) | ? |
| Requirement | ਲੋੜ (loṛ) | ਸ਼ਰਤ (shart) | ? |
| Vulnerability | ਕਮਜ਼ੋਰੀ (kamzorī) | ਖ਼ਾਮੀ (khāmī) | ? |
| Threat Modeling | ਖ਼ਤਰਾ ਮਾਡਲਿੰਗ | ਖ਼ਤਰਾ ਨਮੂਨਾਕਰਨ | ? |
| Compliance | ਪਾਲਣਾ (pālṇā) | ਅਨੁਪਾਲਣ (anupālaṇ) | ? |
| Implementation | ਲਾਗੂਕਰਨ (lāgūkaraṇ) | ਅਮਲ (amal) / ਕਾਰਜ ਰੂਪ ਦੇਣਾ | ? |
What This Means for Security
Every language a security standard is translated into expands the pool of people who can build secure software. That's not a nice-to-have — it's a force multiplier. The next critical vulnerability might be found by a Panjabi-speaking developer who could finally read the ASVS requirement that told them what to look for.
Security knowledge should be accessible to all.
ਸੁਰੱਖਿਆ ਗਿਆਨ ਸਭ ਲਈ ਹੋਣਾ ਚਾਹੀਦਾ ਹੈ.
Your Next Move
- Security leaders: Share this with Panjabi-speaking team members or forward the glossary to your localization team as a model for multilingual security documentation.
- Panjabi-speaking professionals: Email gurvinder@securityleader.ai with "ASVS Panjabi Review" in the subject — even one term correction makes a difference.
- OWASP community members: Review PR #3254 and leave inline comments. Phase B chapters are coming March–April 2026.
Board Talking Points
- OWASP ASVS 5.0 is the industry standard for application security verification — used by enterprises globally for compliance and secure development.
- This is the first translation into any South Asian language, reaching 130M+ Panjabi speakers across India, Pakistan, Canada, the UK, the US, and diaspora tech communities worldwide.
- Bilingual format preserves technical precision while removing the language barrier — a model for expanding security literacy beyond English-dominant markets.
- Translation follows a structured QA process with terminology validation, peer review plans, and bilingual consistency checks — demonstrating that localization itself can follow security best practices.
Gurvinder Singh, CISSP, CISA, GWAPT, is a Principal Security Researcher at SecurityLeader.ai and Information Security Manager with 20+ years of cybersecurity experience. He leads the first Panjabi translation of OWASP ASVS 5.0 as part of his Digital Seva commitment to making security knowledge accessible across language barriers.
Links:
- PR #3254 — OWASP/ASVS
- GeeksikhSecurity Fork
- OWASP ASVS 5.0
- Guru Granth Sahib Dictionary (Sikhri) — inspiration for Gurmukhi digital accessibility
Read and review the translated content:
- Review Hub — Start Here
- Title Page (ਮੁੱਖ ਪੰਨਾ)
- Introduction (ਮੁਖਬੰਧ)
- Glossary (ਸ਼ਬਦਾਵਲੀ)
- Translation Notes
- Review Plan
Review Feedback: gurvinder@securityleader.ai · Subject: "ASVS Panjabi Review"