Please elaborate here on the enhancement request.
I am proposing to eliminate the reference to "penetration testing" in QC.Sec03. Penetration testing is commonly applicable to a computer system or a web application, thus a running entity, but not to static source code. I'd suggest keeping the references to "penetration testing" exclusively on the Service QC.
Describe the solution you'd like
I'd propose to rephrase the sentence in QC.Sec03 "Inputs SHOULD come from automated linters and manual penetration testing results." to "Inputs SHOULD come from automated linters".
Additional context
Penetration test: https://en.wikipedia.org/wiki/Penetration_test
Penetration Testing Methodologies: https://owasp.org/www-project-web-security-testing-guide/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies