ASVS v5.0 Overall Sanity Check #2582

Open
csfreak92 opened this issue Feb 7, 2025 · 0 comments
Labels
_5.0 - draft This should be discussed once a 5.0 draft has been prepared.

Comments

@csfreak92 (Collaborator)

csfreak92 commented Feb 7, 2025

I was tasked by @tghosth to do a sanity check (as someone who has been out of action for a while in the project) to see if things are in their proper places and if things make sense overall. This has been my main task for the past few weeks (and I am still working on it), since I am not that knee-deep in the snow working on ASVS v5.0. As someone who is familiar with using ASVS for security testing/security design reviews, my task is to check each of the chapters in our upcoming v5.0 from the perspective of someone who knows relatively well how to use it, and see if it still makes sense and does not involve much of a learning curve/jump in case other people will read it.

Cross-checking against previous ASVS versions/iterations of the requirements gave me a better picture of what has changed and a good idea of why it has changed, but there are some that come out as either needing some clarity or needing some modifications. As a result, I am opening some Pull Requests related to the sanity checks I've done, together with some additions/clean-ups/suggestions/modifications/grammatical changes. I will tag the related new issues for the clarifications I wish to ask the WG, or even the leaders, about some things that might be missing/moved away, which I think would be easier to ask than digging deep in the threads.

Goal: Do an overall sanity check and see if things make sense where things are placed.

Finished reviewing:

  • Access Control V4
  • Business Logic V11
  • Configuration V14
  • Files and Resources V12
  • Secure Coding V10
  • Web APIs V13 (review is in progress)
  • Secure Communication V9 (perfect, nothing to change!)
  • Data Protection V8 (review is in progress)
  • Security Logging and Error Handling V7 (perfect, nothing to change!)

Work in progress: reviewing the other remaining chapters; they will be added later.
