Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added myself as a contributor.
Moved TASVS-CODE-7 to TASVS-CONF-2.
Added to TASVS-CODE-7.
Added to TASVS-CONF-2.
Note : I've seen in TASVS-STORAGE a category specific to a specific vulnerability (DLL Hijacking). I think this should be modified as the testing standard is not made for specific vulnerabilities in my opinion. Additionally, these items are explaining a type of attack and do not provide any guidance to what to test or how to prevent/mitigate risks of such attacks. The equivalent in the Web Application Security Verification Standard would be to add an item as such:
"Cross-Site Scripting Category - Blind cross-site scripting (XSS) is a variant of stored XSS where the malicious payload is executed in a different context or application than where it was originally injected.".
I don't think this make sense in the context of a Verification Standard.
Let me know if you agree. Cheers