OWASP / ASVS

Application Security Verification Standard
Creative Commons Attribution Share Alike 4.0 International

Section and requirement relevance questions #1797

Open tghosth opened 11 months ago

tghosth commented 11 months ago

Something which comes up constantly is how do we know which requirements/sections of ASVS are relevant to an application.

(Most recently in discussions with the ADA.)

I think it would be good to have a set of questions at the start of each chapter/section to guide someone in whether they need to consider the requirements in that chapter/section.

What do people think?

elarlang commented 11 months ago

From my (organizing requirements to sections) point of view, we need to clearly define what kind of requirements should belong to which sections. It could help to solve this as well.

Something like: You need this section when the application uses X functionality / Y technology / Z solution.

EnigmaRosa commented 8 months ago

100% agreed, especially given growing use for app adoption/approval.