Josh Grossman

Sorry I think I was not clear enough when I said "_What is the suggested action at the requirements level here @bitnesswise?_" My point was that ASVS is a standard...

I think that we have discussed this to death and that #2434 should finally close this

So this was quite a long discussion, I am going to try summarise it without reading every letter 🙃 * If I understand correctly, the proposal from @leirn is to...

Hi @elarlang / @leirn, thanks for your input (thanks @jmanico as well 😀) I think you both set out your positions clearly although I think there is some subtlety here....

I am going to tag this as rework/v2 mostly because I want to leave it for a discussion and then we can come to a decision when we rewrite the...

This feels like more complexity than we need so I propose to close this issue @jmanico @elarlang

So this is like a context specific input validation. I mean that it is not sufficient to check that the data is the right type, size or format for the...

I think the control flow thing here is the key point. I would propose an addition to V5.1 Input Validation: | # | Description | L1 | L2 | L3...

@ImanSharaf @elarlang comments?

This is the attack vector which concerns me: https://github.com/OWASP/ASVS/issues/1570#issuecomment-1458679446 @elarlang