Elar Lang
Is it actually closed and merged already?
Helper - current 2.3.4 requirement: | # | Description | L1 | L2 | L3 | CWE | [NIST §](https://pages.nist.gov/800-63-3/sp800-63b.html) | | :---: | :--- | :---: | :---: |...
Thank you for the effort!
I support level 1. It's not some nuclear science. It's a "smell of security": if you don't even have CSP set, then usually it correlates well with general quality.
Additional point of view - if you think that something in the CSP declaration is too advanced for level one, we can split the requirement with clear goals. Like level 1...
Depends on what kind of problem we need to solve with this tool. For merging some translation from a PR to the main repo, I have it covered. Since v4.0.3, each line of...
@tghosth - is it actually done and can be closed?
Hi @edusantos33 and @srjsoftware - do you have some progress with the translation, and is it in a state worth sharing with others? If you would like to start or update, it makes...
> The problem with 11.1.1 is that many workflows are not sequential, but are conditional based on user input. Perhaps? For this kind of functionality we don't apply 11.1.1. About...
The goal for 5.2.6 is clearly and only user input sanitization/validation. What you described here is more a second layer of defense and we have a related issue for that: https://github.com/OWASP/ASVS/issues/1324 For...