
add SKF data

Open northdpole opened this issue 3 years ago • 2 comments

Issue

What is the issue?

SKF has a knowledge base and code examples. We could add the relevant SKF knowledge base items (MASVS, ASVS and custom descriptions) to CRE. Let's do this.

northdpole avatar Jan 21 '22 12:01 northdpole

Lab items: the "LabItem" thing here https://github.com/blabla1337/skf-flask/blob/main/skf/initial_data.py

Knowledge base items: ChecklistKB

code is the md files here https://github.com/blabla1337/skf-flask/blob/main/skf/markdown/code_examples/web/django-needs-reviewing/11-code_example--X_XSS_Protection_header--.md

and knowledge base is the md files here https://github.com/blabla1337/skf-flask/blob/main/skf/markdown/knowledge_base/web/10002-knowledge_base--XSS_injection--.md

northdpole avatar Jan 21 '22 12:01 northdpole

As the SKF knowledge base and code examples are standards, just like ASVS is a standard, the procedure of adding these resources is to 1. add the proper CRE links to the source documents and then let the parser automatically add the mapping data. This is the only approach that is maintainable and therefore sustainable AND it is instantly reciprocal: the standard contains a link to the CRE, doing a service to the readers of the standard, plus the CRE will contain the link to the SKF resource. In other words: the tactic now should try to avoid adding mapping data to the mapping specs - unless we are still far away from convincing the standard to add links to the CRE.

robvanderveer avatar Jan 21 '22 13:01 robvanderveer