sbp opened a new issue, #334: URL: https://github.com/apache/tooling-trusted-releases/issues/334
There are 70 L1 criteria in [ASVS v5.0.0](https://raw.githubusercontent.com/OWASP/ASVS/v5.0.0/5.0/OWASP_Application_Security_Verification_Standard_5.0.0_en.pdf), but not all apply to ATR. We plan to evaluate compliance in order of approximate importance of L1 criteria. Since ASVS does not provide a priority ordering within levels, we have decided upon the following order.

Note that the aim is to evaluate compliance with all L1 criteria. Ordering in this way is not intended to exclude any criteria, only to shape the issue so that the highest priority criteria are addressed first. Our ordering does not, therefore, need to be indisputable, and we are not relying on it being an accurate estimation of priority. In summary: **The categories below are not necessarily accurate or meaningful and should not be used for other purposes.**

- Server side execution: 1.2.4, 1.2.5, 1.3.2, 5.2.2, 5.3.1, 5.3.2, 15.2.1.
- Cross site scripting: 1.2.1, 1.2.2, 1.2.3, 1.3.1, 3.2.1, 3.2.2, 4.1.1.
- Weak cryptography: 3.4.1, 4.4.1, 11.3.1, 11.3.2, 11.4.1, 12.1.1, 12.2.1, 12.2.2.
- External access: 3.4.2, 3.5.1, 3.5.2, 3.5.3, 10.4.1, 14.2.1.
- Universal spoofing: 7.3.2, 9.1.1, 9.1.2, 10.4.2, 10.4.5.
- Internal access: 2.2.1, 2.2.2, 2.3.1, 8.2.1, 8.3.1, 10.4.4.
- Credential stealing: 3.3.1, 7.2.2, 7.2.3, 7.2.4, 7.4.2, 9.1.3, 9.2.1, 10.4.3, 14.3.1.
- Basic access: 8.2.2, 13.4.1, 15.3.1.
- Brute force identification: 6.2.1, 6.2.4, 6.3.1, 6.3.2, 6.4.1.
- Credential integrity: 6.2.2, 6.2.3, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.4.2, 7.4.1.
- Denial of service: 1.5.1, 5.2.1.
- Documentation: 2.1.1, 6.1.1, 8.1.1, 15.1.1.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
