Secure Coding V10 - Sanity Check Comments/Suggestions for v.5.0 #2594
Labels
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V10
_5.0 - prep
This needs to be addressed to prepare 5.0
Chapter V10 - Secure Coding
Here are a few things I observed while reviewing this chapter for v.5.0 as a sanity check, related to #2582:
V10.4 Defensive Coding
Needs a paragraph describing this section, for consistency across all subsections in ASVS.
V10.5 Security Architecture
Needs a paragraph describing this section, for consistency across all subsections in ASVS.
Suggestion:
10.4.6 [ADDED] Verify that the application is able to discern and utilizes the user's true IP address to provide for sensitive functions, including rate limiting and logging.
This requirement doesn't feel like it should belong here in this chapter though. We may need to check out where else it could fit. Seems odd for it to be here.