ASVS icon indicating copy to clipboard operation
ASVS copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Resolve #1324

Open tghosth opened this issue 3 years ago • 3 comments

This Pull Request relates to issue #1324

Note CWE change.

tghosth avatar Aug 24 '22 14:08 tghosth

I can not see, how this requirement fits to category "V14.1 Build and Deploy"

elarlang avatar Aug 25 '22 13:08 elarlang

It is the closest configuration sub-section, I don't think it is ideal but I am not sure there is any better option...

tghosth avatar Aug 30 '22 17:08 tghosth

Can we implement just change for CWE?

I can not see how we can improve current situation with category change. The current one suites better. If we have separate (sub)category for configuration hardening, then it can go there.

elarlang avatar Oct 08 '22 17:10 elarlang

@elarlang I don't think having an SSRF category makes sense, especially with just one requirement which is pretty general anyway. Would you prefer that we start a configuration hardening section in V14?

tghosth avatar Oct 21 '22 10:10 tghosth

@elarlang I think I made the changes you wanted here.

tghosth avatar Jul 11 '23 05:07 tghosth

Waiting for: https://github.com/OWASP/ASVS/issues/1491

tghosth avatar Jul 20 '23 16:07 tghosth

Do we think this can be merged now @elarlang

tghosth avatar Sep 28 '23 12:09 tghosth

Can we not have "/" in the subcategory title?

Double . at the end of requirement text (14.7.1), double space after moved label (12.6.1)

elarlang avatar Sep 28 '23 12:09 elarlang

@elarlang is that better?

tghosth avatar Sep 28 '23 14:09 tghosth

approved, I leave the merge process for you (as there are some conflicts to solve)

elarlang avatar Sep 28 '23 17:09 elarlang