MASVS-RESILIENCE Refactoring (till 02.09.22) #656
Replies: 2 comments 2 replies
-
Hola/Hello Carlos / @cpholguera, Let me introduce myself, my name is Antonio J. Turel, as a Telecommunications Engineering working on ICTechnologies I appreciate this cybersecurity iniciative being in constant improvement. I will try to get some time to other OWASP projects such as MSTG, Top10... I have already started my collaboration: You'll find a comment in the Google Spreadsheet, I hope this help you and there is also the PR #658 to attend if there are, or not, any edition need it. Gracias/Thanks |
Beta Was this translation helpful? Give feedback.
-
Hi @cpholguera, @TheDauntless, @sushi2k, First of all, thank you for the continued efforts on MAS and all the work on the refactor! Overall all the category refactors have been great improvements and this one for RESILIENCE definitely is too. After reflecting on the new version a bit I have 2 suggestions; 1. MASVS-RESILIENCE-4 Split a. App validates its code at runtime. I feel giving these their own item might make a little more sense conceptually. Splitting off (a) for only code integrity would create the dynamic/runtime counterpart of 2. Requirement of Variability For me this addition would be the sibling of the (refactored) So more concrete, an attempt at phrasing;
|
Beta Was this translation helpful? Give feedback.
-
Hello everybody,
as part of the refactoring process we decided to publish our draft of every section of the MASVS that we (@cpholguera, @TheDauntless and @sushi2k) worked on.
This is based on the MASVS category "V8: Resilience Requirements" (from the MASVS Version 1.4.2): https://github.com/OWASP/owasp-masvs/blob/v1.4.2/Document/0x15-V8-Resiliency_Against_Reverse_Engineering_Requirements.md
Here you can find a summary of the proposed new requirements (more details below):
In the following link we include a nice visualization as a diff spreadsheet including:
MASVS-RESILIENCE Refactoring Diff
Beta Was this translation helpful? Give feedback.
All reactions