Josh Grossman

Results 775 comments of Josh Grossman

Access control at an untrusted layer is a very common and well-established issue, which is why I think it deserves a specific call out. Something like logging can be...

I think I would err on simple but clear requirements that stand alone. I would be open to an example where we mention the TSL as part of another requirement...

Hi @moshe-apiiro, Whilst I agree that something like this would seem to be a sensible level 3 requirement, I am a little concerned that we are potentially duplicating ground covered...

@elarlang @jmanico, Daniel has said that build environment controls should stay in v5 of ASVS, what do you think?

Tricky one. Daniel says yes and Jim says no. @elarlang, what do you think?

@elarlang any idea what the next action on this is?

I think we need to provide a high-level requirement in ASVS and in the references section link to the relevant cheatsheet. So what is the next action here @elarlang?

@elarlang do you think you could expand on how you see the difference between these as it is not super clear to me. Also, we should consider the following requirements:...

So it feels like this could be combined as follows:

> Verify the application has appropriate business logic limits or validation (at both a user level and at an overall...

But do you think the implementation would be completely separate? I would assume the implementation would be the same with some sort of configuration difference between absolute limits and per...