Ralph Andalis
Since v5.0 is already released, I just want to pick up where this thread left off as it got me curious... So does that mean we need to clarify the...
Hi @tghosth, I was browsing the other issues and our current ASVS 5.0 repo and I think these requirements `5.4.2` and `5.3.12` you have listed above can fit the Defensive...
Ah I see, yeah now that I think about it this requirement makes more sense in the sanitization chapter. This new modification feels like something is missing to me. I couldn't place what...
Yeah, a bit more context about format string vulnerabilities would help a long way @tghosth
>>Maybe I misinterpreted it, but I think it's more architecture requirement to say, that do not build access control to GraphQL, but use an extra business logic layer for that....
What do you think about it @craig-shony? Did @aholmis drive the points that explain this requirement? If that's the case, I think we should keep the requirement as is. Though,...
Having said that, I think this requirement should stay as is if we don't need to modify/remove it. Don't you agree?
> Good idea. Here is my first cut of a definition:
>
> Business logic in application security refers to the customized rules and processes that safeguard an application in...