Josh Grossman

Results: 486 comments by Josh Grossman

Waiting for response to https://github.com/OWASP/ASVS/issues/1697#issuecomment-1715772670

> Verify that the application is able to discern and utilizes the user's true IP address to provide data integrity and that rate limiting and logging use this true IP....

@elarlang what do you think about chapter 11.2 ("Anti-automation" within "Business Logic"), as this new requirement mostly seems to be related to this?

I disagree that this is server configuration because it is the application itself that needs a clear way of doing this. I think I would still support being in the...

That is interesting, @motoyasu-saburi. Do you think you could try and formulate a requirement based on the conclusions of your research?

@set-reminder 3 weeks @tghosth to open a PR with this

> Verify that ~~security~~ logs are protected from unauthorized access and _**cannot be modified**_.

@set-reminder 4 weeks @tghosth to look at this

I'm going to close again for now, we seem to be focusing ASVS pretty specifically on building an application securely whereas this is more of a process/activity related to...

This will be handled in #1188 and the logging point in #1577

@elarlang I think I made the changes you wanted here.