Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1.4.2 - [Clarification/For Discussion] for "flexible" access control solution #736

Closed
csfreak92 opened this issue Apr 17, 2020 · 9 comments
Closed

1.4.2 - [Clarification/For Discussion] for "flexible" access control solution #736

csfreak92 opened this issue Apr 17, 2020 · 9 comments
Assignees
@jmanico @csfreak92
Milestone
4.1

Comments

@csfreak92
Copy link
Collaborator

ASVS 4.0 - 1.4.2 verification requirement is:

Verify that the chosen access control solution is flexible enough to meet the application's needs.

This control is too vague, what does it mean by having a flexible access control solution? Maybe this be expanded to explain to developers and tester what this requirement really means?
@csfreak92 csfreak92 changed the title 1.4.2 - clarification for "flexible" access control solution 1.4.2 - [Clarification/For Discussion] for "flexible" access control solution Apr 17, 2020
@jmanico
Copy link
Member

jmanico commented Apr 17, 2020 via email

@csfreak92
Copy link
Collaborator Author

Hi @jmanico, do you mean you would drop this 1.4.2 verification requirement for the next ASVS iteration? Or was my open issue not helping as well?

@jmanico
Copy link
Member

jmanico commented Apr 17, 2020 via email

@elarlang
Copy link
Collaborator

One thing less to report :)

@jmanico Peale set milestone 4.1 to the issue, then it's clear and easy to follow.

@tghosth tghosth added this to the 4.1 milestone Apr 23, 2020
@tghosth
Copy link
Collaborator

tghosth commented Apr 23, 2020

Done, leaving this for when we prepare 4.1

@csfreak92
Copy link
Collaborator Author

@tghosth, shall I create a pull request ready to remove this control?

@tghosth
Copy link
Collaborator

tghosth commented May 21, 2020

let's leave this open for now. I am not sure if we want a PR at this point for something relatively basic. We currently have a discussion about releasing a 4.0.2 (#750) so I am not running to change requirements at this point.

@jmanico
Copy link
Member

jmanico commented Mar 12, 2021

Hey @csfreak92 we'll take that PR now please!

csfreak92 added a commit to csfreak92/ASVS that referenced this issue Mar 14, 2021
@csfreak92
Update on 0x10-V1-Architecture.md
b9ce9b1 
Removal of 1.4.2 - Verify that the chosen access control solution is flexible enough to meet the application's needs from V1.4 Access Control Architectural Requirements. 

This Pull Request relates to issue OWASP#736 as agreed upon to be removed from the standard.
@csfreak92 csfreak92 mentioned this issue Mar 18, 2021
Closed
@jmanico
Copy link
Member

jmanico commented Mar 18, 2021

Completed here 480bb9d and closing this out

@jmanico jmanico closed this as completed Mar 18, 2021
@tghosth tghosth mentioned this issue Oct 25, 2021
Merged
tghosth added a commit that referenced this issue Oct 25, 2021
@tghosth
Deleted 1.4.2 as per #736
d8d73b3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmanico jmanico

@csfreak92 csfreak92

Labels
None yet
Projects
None yet
Milestone
4.1
Development

No branches or pull requests
4 participants
@jmanico @csfreak92 @tghosth @elarlang