Christian Heinrich
https://github.com/cider-security-research/top-10-cicd-security-risks
Can I recommend that any specific older legacy web technology such as JSONP be put into an ASVS fork as there is no fix/control for JSONP bypassing CSP and developers...
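The bypass referred to above, worked through as an added example (this is not code from the ASVS project or from the thread; the host `app.example`, the endpoint `/api/user` and the sample user record are hypothetical). A page that ships `script-src 'self'` still permits an injected `<script src>` pointing at its own JSONP endpoint, because the allowlist is evaluated on origin only; whatever the endpoint reflects from `?callback=` then runs as first-party script. The block puts a minimal `script-src` evaluator next to a callback-reflecting handler and a hardened one that accepts only an identifier:

```javascript
// Added example, not ASVS code. "app.example" and "/api/user" are hypothetical.

// Decide whether a script-src directive allows loading `scriptUrl` from a page
// at `pageOrigin`. Only what this example needs is modelled: 'self', 'none' and
// host-source expressions such as https://cdn.example (compared as origins).
// Quoted keywords like 'nonce-...' or 'strict-dynamic' never match a bare URL,
// which is exactly how an injected tag without the page's nonce behaves.
function cspAllowsScript(policy, scriptUrl, pageOrigin) {
  const directive = policy
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0] === 'script-src');
  if (!directive) return true; // no script-src (and no default-src here): unrestricted
  const origin = new URL(scriptUrl).origin;
  for (const src of directive.slice(1)) {
    if (src === "'none'") return false;
    if (src === "'self'" && origin === pageOrigin) return true;
    if (!src.startsWith("'") && src.includes('://') && new URL(src).origin === origin) return true;
  }
  return false;
}

// Vulnerable JSONP handler: reflects ?callback= verbatim into a JavaScript body.
function jsonpVulnerable(query, data) {
  return {
    status: 200,
    headers: { 'Content-Type': 'application/javascript' },
    body: `${query.callback}(${JSON.stringify(data)})`,
  };
}

// Hardened handler: the callback must be a (dotted) JavaScript identifier,
// the body is served as script with nosniff, and a leading comment blocks the
// usual content-type-confusion tricks against JSONP responses.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
function jsonpHardened(query, data) {
  const cb = query.callback ?? '';
  if (!CALLBACK_RE.test(cb)) {
    return { status: 400, headers: { 'Content-Type': 'text/plain' }, body: 'invalid callback' };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: `/**/ ${cb}(${JSON.stringify(data)});`,
  };
}

// Walk-through: the page at https://app.example sends script-src 'self'; the
// attacker can inject HTML (say, via stored XSS) but cannot add inline script.
function demonstrate() {
  const pageOrigin = 'https://app.example';
  const policy = "script-src 'self'";
  const user = { id: 1, name: 'alice' }; // constructed sample data

  // Injected tag: <script src="https://app.example/api/user?callback=..."></script>
  const callback = 'alert(document.domain)//';
  const scriptUrl = `${pageOrigin}/api/user?callback=${encodeURIComponent(callback)}`;
  const query = Object.fromEntries(new URL(scriptUrl).searchParams);

  return {
    allowedByCsp: cspAllowsScript(policy, scriptUrl, pageOrigin), // true: same origin
    vulnerableBody: jsonpVulnerable(query, user).body,             // attacker-chosen JS
    hardenedStatus: jsonpHardened(query, user).status,             // 400
    legitimateBody: jsonpHardened({ callback: 'renderUser' }, user).body,
  };
}

console.log(demonstrate());
```

The identifier check stops the endpoint from emitting arbitrary code, but a JSONP endpoint on an allowlisted origin remains a gadget: `?callback=alert` still calls a global function of the attacker's choosing with the JSON as its argument. Removing the endpoint, or moving the page to a nonce-based `script-src` (where a host allowlist is no longer what decides), is what actually closes the bypass.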
> I think we should show the way to go, not discuss whether the way so far was correct. ASVS is not intended to force a developer to change web technologies...
> I don't understand what you are trying to say. Do you agree that we need an ASVS requirement that prohibits JSONP? Or do you want the ASVS to be...
I just did a search for "MFA" in the 4.0.2 PDF and it's not directly specified as a requirement @jmanico but is mentioned six (6) times in the 4.0.2 PDF...
> In general, if you are searching for improvements to the _bleeding edge_ version, then it makes sense to use _bleeding edge_ materials. v4.0.2 was released a year ago and does not contain...
> We work here with markdown, in GitHub. Your build is when you open a browser and/or make git pull.

https://github.com/search?q=MFA+in%3Afile+repo%3AOWASP%2FASVS&type=Code searches for MFA in the default branch @elarlang
> Can I get comments on this? If not, I'm going to go for this and PR my suggestion. If you don't have the time I can submit the PR...
Can insert a clarification where 4.3.1 excludes management of a team account, i.e. multiple user accounts, as I'd assume this is the management of the SaaS application itself, including hosted...
Should we deprecate https://github.com/OWASP/ASVS/blob/master/4.0/en/0x22-V14-Config.md#v142-dependency for the https://github.com/OWASP/Software-Component-Verification-Standard then?