Business Logic V11 - Sanity Check Comments/Suggestions for v.5.0 #2585

Open
csfreak92 opened this issue Feb 7, 2025 · 3 comments
@csfreak92
Collaborator

Chapter V11 - Business Logic

This chapter was perfect in many ways! No revisions/changes from my end except some of the below mentioned where we need some consistency and clarity.

Here are a few things I observed reviewing this chapter for v.5.0 for sanity check related to #2582:

V1.11 Business Logic Documentation
Needs some paragraph describing this section. For consistency across all subsections in ASVS.

V11.2 Anti-automation
Needs some paragraph describing this section. For consistency across all subsections in ASVS.

V11.3 Input Validation
Needs some paragraph describing this section. For consistency across all subsections in ASVS.

Needs Clarity:

11.1.9 [ADDED] Verify that "atomic transactions" are being used at the business logic level such that either a business logic operation succeeds in its entirety, or it is rolled back to the previous correct state.

Suggestion: We need to clarify what atomic transactions mean.

I can draft something for the paragraphs describing the sections/subsections mentioned above as I finish the full sanity check.

@elarlang
Collaborator

elarlang commented Feb 7, 2025

Note that moving input validation from V5 to V11 is a recent change and is not fully finished; for related chapter texts, there is #2580.

@jmanico
Member

jmanico commented Feb 7, 2025

I am happy to take this on if you like, I was working on this previously and re-wrote some of the description text. I'm willing if you want to pass to me. :)

@elarlang elarlang added V11 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet labels Feb 7, 2025
@tghosth tghosth added the _5.0 - draft This should be discussed once a 5.0 draft has been prepared. label Feb 9, 2025
@tghosth
Collaborator

tghosth commented Feb 9, 2025

@csfreak92 please could you add some section and chapter text to this section as you see necessary.

A few important points:

  • We are hoping to finish within the next couple of weeks. If you don't think you will have time in this timeframe, please say so and then @jmanico can take it on.
  • Please try and keep it as short and specific as possible. It should be limited to a simple explanation of the section and any critical information which someone trying to understand the requirements would need.
  • As noted in V5 chapter texts - move input validation parts to correct place #2580, please refer to the text from V5 if necessary for the relevant moved requirements.
  • Requirement 11.1.9 does attempt to immediately define "atomic transactions". i.e. either all succeeds or all fails, but if you want to open a separate issue where you suggest a refinement to the wording, feel free.

@tghosth tghosth added 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos and removed 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet labels Feb 9, 2025
@tghosth tghosth added _5.0 - rc1 and removed _5.0 - draft This should be discussed once a 5.0 draft has been prepared. labels Feb 9, 2025
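
The following is an added example, not part of the issue thread or of the ASVS text, showing what requirement 11.1.9 asks for: one business operation made of several writes either commits in full or is rolled back to the previous correct state. The schema, function names and sample data are assumptions constructed for the illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

class BusinessRuleError(Exception):
    """A business rule rejected the operation part-way through."""

def make_db():
    # Constructed sample data. isolation_level=None disables sqlite3's implicit
    # transactions, so the only transaction boundaries are the explicit ones below.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE stock(item TEXT PRIMARY KEY, qty INTEGER NOT NULL);
        CREATE TABLE account(owner TEXT PRIMARY KEY, balance INTEGER NOT NULL);
        CREATE TABLE orders(owner TEXT, item TEXT, qty INTEGER);
        INSERT INTO stock VALUES ('widget', 5);
        INSERT INTO account VALUES ('alice', 100);
    """)
    return db

def _order_steps(db, owner, item, qty, unit_price):
    # Three writes that together form ONE business operation (hypothetical order flow).
    db.execute("UPDATE stock SET qty = qty - ? WHERE item = ?", (qty, item))
    (left,) = db.execute("SELECT qty FROM stock WHERE item = ?", (item,)).fetchone()
    if left < 0:
        raise BusinessRuleError("insufficient stock")
    db.execute("UPDATE account SET balance = balance - ? WHERE owner = ?",
               (qty * unit_price, owner))
    (balance,) = db.execute("SELECT balance FROM account WHERE owner = ?", (owner,)).fetchone()
    if balance < 0:
        raise BusinessRuleError("insufficient funds")
    db.execute("INSERT INTO orders VALUES (?, ?, ?)", (owner, item, qty))

def place_order_non_atomic(db, owner, item, qty, unit_price):
    # Each statement commits on its own; a failure leaves the earlier writes in place.
    _order_steps(db, owner, item, qty, unit_price)

def place_order_atomic(db, owner, item, qty, unit_price):
    # All steps commit together, or none of them do.
    db.execute("BEGIN IMMEDIATE")
    try:
        _order_steps(db, owner, item, qty, unit_price)
    except Exception:
        db.execute("ROLLBACK")
        raise
    db.execute("COMMIT")

def snapshot(db):
    # Returns (widget stock, alice's balance, number of orders).
    return (db.execute("SELECT qty FROM stock").fetchone()[0],
            db.execute("SELECT balance FROM account").fetchone()[0],
            db.execute("SELECT COUNT(*) FROM orders").fetchone()[0])
```

With the sample data, an order for 3 widgets at 50 each fails the funds check: the non-atomic version leaves stock and balance changed with no order recorded, while the atomic version leaves the database exactly as it was.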