OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

No MSTG-ID in MSTG checklist #1139

Closed galapogos closed 5 years ago

galapogos commented 5 years ago

Unlike the OWASP OTG Testing Checklist (https://www.owasp.org/index.php/Testing_Checklist), the OWASP MSTG Checklist is lacking the "Category" field for the various checklist items. The category allows an easy descriptive reference to the tests instead of listing out the entire test name, e.g. referencing "OTG-INFO-001" instead of "Conduct Search Engine Discovery and Reconnaissance for Information Leakage". However, in the MSTG Checklist, there's no easy way of referencing individual test names.

Are there plans to include this category field in the MSTG Checklist, or is there a standardized way of doing so using existing fields within the checklist?

sushi2k commented 5 years ago

Thanks for pointing this out. We had references at the very beginning of the project (maybe 3 years back), but then got rid of them as the requirements in the MASVS were still changing a lot.

This would need to be defined in the MASVS, so I created a ticket there: https://github.com/OWASP/owasp-masvs/issues/205. Once we have the references in the MASVS, we can also add them to the checklist and also reference them in the MSTG.

commjoen commented 5 years ago

Are we complete now? Can we close this issue :) ?

galapogos commented 5 years ago

> Are we complete now? Can we close this issue :) ?

I still don't see the MSTG-ID in the latest v1.1 checklist.

commjoen commented 5 years ago

The checklists will be updated after the release: we first need a 1.1.3 release, so we have the tag in our git, after that we can put them there :). Will keep the issue open till after the 1.1.3 release of the checklists 👍

cpholguera commented 5 years ago

Isn't this already done after closing #1405? The checklists already contain the MSTG-XX IDs

commjoen commented 5 years ago

Can be closed now as the mstg-ids are in https://github.com/OWASP/owasp-mstg/releases/tag/1.1.3-excel