Josh Grossman

Results 688 comments of Josh Grossman

OK that is great, thanks for your efforts on this. Pulling in @ike as well. Before I merge this can you confirm where we currently are with the new outputs...

ok so d) can we make both the old mechanism and the new mechanism work in both 4.0 and 5.0 so that we can verify that everything matches? I...

Thanks so @ike and @lfservin please let me know when you have confirmed the parity between them

Ok so @ike will you let me know when you have run the parity check? Note also that there are merge conflicts...

So just let me know how you both progress :)

I think there is a high likelihood that someone could write this into their own code and therefore just talking about vulnerable dependencies is not enough. I agree that this...

So having looked at 12.3, I think we could consider a specific requirement for zipslip or at least a mention of zipslip within an existing item in this section as...

So I disagree with combining it because whilst this is conceptually the same issue, the first part is solved using some sort of URL API but the zip slip thing...

So this is actually an interesting point and one that is actually really important. [1.2.4](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x10-V1-Architecture.md#v12-authentication-architecture)

> Verify that all authentication pathways and identity management APIs implement consistent authentication security control...

Fine:

> Verify that, if the application includes multiple authentication pathways, security controls and authentication strength are enforced consistently across all pathways and that this is explicitly documented.

Better? :)