Elar Lang
This Pull Request relates to issue #906
This Pull Request relates to issue #1331
Problem: there is no requirement which says that API responses must be in JSON or XML format. If they are not, and those return some content of file for example,...
Initial discussion on requirement 3.4.5 in issue #978. But I would solve it in a slightly different way and it deserves a separate issue, as it is quite a big change. Problems...
I created 3.4.6 myself, but looking at it now, I think in a way those are duplicates of 3.4.2 and can be merged. From a checklist perspective those are separate checks, but those...
spin-off from https://github.com/OWASP/ASVS/issues/737#issuecomment-1162087686 **V1.11 Business Logic Architecture** | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---:...
discussion/new requirement: inventory/documentation for "allow listed" sources and communications
Over time there is a need to configure every kind of allow list, like *-src and frame-ancestors for Content-Security-Policy (current requirements 14.4.3 and 14.4.7), allowed Origins (14.2.3, 13.5.2, 14.5.3), allow list...
I opened an issue based on a wish/requirement/proposal from Rob van der Veer. A lot of different standards or documentation have their own numeration and as an end user it would be...
Goal: to cover all requirements where an application needs to check whether an HTTP request made by the browser/client was legit or forced by a malicious actor from a 3rd party site. It...
I collect here requirements for documentation - those are a pre-condition to be able to do a pentest. Later or at the end those will be (probably) requirements in V1 category *...