Input validation category abbreviation - ISTG><MASTG>WSTG

OWASP / owasp-istg

The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.

https://owasp.org/www-project-iot-security-testing-guide/

Creative Commons Attribution Share Alike 4.0 International

89 stars 9 forks source link

Input validation category abbreviation - ISTG><MASTG>WSTG #4

Closed scriptingxss closed 9 months ago

scriptingxss commented 10 months ago

@rockhoppersec Should ISTG align input validation taxonomies from flag ship testing guide projects?

ISTG abbreviates the input validation category with INVAL e.g. IOT-DES-INVAL.
WSTG abbreviates using INPV e.g. WSTG-INPV-01
MASTG inherits MASVS abbreviations with MASVS-CODE-4 for input validation and testing for injection

rockhoppersec commented 10 months ago

Yes, that's a good idea. In my opinion, INPV is more intuitive than CODE.

rockhoppersec commented 9 months ago

Updated component overview (formerly mindmap) in https://github.com/OWASP/owasp-istg/commit/cfe958a2a0f64ae4894128357f6f6ae3cea739ea