ASVS icon indicating copy to clipboard operation
ASVS copied to clipboard

Published 20 hours ago verified publisher icon OWASP

V1 - new documentation requirements

Open elarlang opened this issue 3 years ago • 3 comments

I collect here requirements for documentation - those are pre-conditon to be able to make pentest.

Later or at the end those will be (probably) requirements in V1 category

  • logs
    • https://github.com/OWASP/ASVS/issues/892
  • sensitive data
    • https://github.com/OWASP/ASVS/issues/1064
  • business logic limits
  • used components (SBOM)
  • external resources (for allow-listing outgoing connections, defense/lowering impact for SSRF for example)
    • https://github.com/OWASP/ASVS/issues/993
  • browser version check
    • https://github.com/OWASP/ASVS/issues/959
  • file upload
    • https://github.com/OWASP/ASVS/issues/1604

elarlang avatar Feb 23 '22 19:02 elarlang

@set-reminder 5 weeks @tghosth to look at this

tghosth avatar Dec 12 '22 12:12 tghosth

Reminder Monday, January 16, 2023 12:00 AM (GMT+01:00)

@tghosth to look at this

octo-reminder[bot] avatar Dec 12 '22 12:12 octo-reminder[bot]

🔔 @tghosth

@tghosth to look at this

octo-reminder[bot] avatar Jan 15 '23 23:01 octo-reminder[bot]