Potential issues in the bleeding edge chapter 14 and 20. #2454

Closed
ValdiGit01 opened this issue Dec 11, 2024 · 4 comments
Labels
6) PR awaiting review V50 Group issues related to Web Frontend _5.0 - prep This needs to be addressed to prepare 5.0

Comments

@ValdiGit01

Hi, I have been following the great work you are doing on v5.0. Unless I'm mistaken, I’ve found an issue you might want to fix:

Issue with 14.4.6:
14.4.6 refers to 50.2.4, while 50.2.4 appears to have been moved and modified from 3.4.4. (See snippet below from the RAW version)

| 14.4.6 | [MOVED TO 50.2.4] | | | | |
from -> https://github.com/OWASP/ASVS/blob/master/5.0/en/0x22-V14-Config.md

| 50.2.4 | [MODIFIED, MOVED FROM 3.4.4, LEVEL L1 > L2] Verify that cookies have the '__Host-' prefix for the cookie name unless they are explicitly designed to be shared with other hosts. | | ✓ | ✓ | |
Source-> https://raw.githubusercontent.com/OWASP/ASVS/refs/heads/master/5.0/en/0x50-V50-Web-Frontend-Security.md

Issue with 14.4.7:
14.4.7 refers to 50.2.5 but there is no 50.2.5 in v5.0 (it ends with 50.2.4)
Copy paste from chapter 14:
| 14.4.7 | [MOVED TO 50.2.5] | | | | |
Source -> https://github.com/OWASP/ASVS/blob/master/5.0/en/0x22-V14-Config.md AND https://raw.githubusercontent.com/OWASP/ASVS/refs/heads/master/5.0/en/0x50-V50-Web-Frontend-Security.md

Best regards,
Thor
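
One way to automate the check reported above, as an added example that is not part of the issue or of the ASVS project's tooling: it parses requirement rows in the table layout quoted in the issue and flags any `[MOVED TO x]` whose target is missing or whose `MOVED FROM` tag names a different origin. The function names and regexes are assumptions; the sample rows are the ones quoted above.

```python
import re

# Constructed sample: the three rows quoted in the issue, in ASVS table layout.
SAMPLE = """\
| 14.4.6 | [MOVED TO 50.2.4] | | | | |
| 14.4.7 | [MOVED TO 50.2.5] | | | | |
| 50.2.4 | [MODIFIED, MOVED FROM 3.4.4, LEVEL L1 > L2] Verify that cookies have the '__Host-' prefix for the cookie name unless they are explicitly designed to be shared with other hosts. | | ✓ | ✓ | |
"""

# First cell is the requirement ID, second cell holds the tags and description.
ROW = re.compile(r"^\|\s*(\d+\.\d+\.\d+)\s*\|\s*(.*?)\s*\|", re.M)
MOVED_TO = re.compile(r"MOVED TO (\d+\.\d+\.\d+)")
MOVED_FROM = re.compile(r"MOVED FROM (\d+\.\d+\.\d+)")


def parse_rows(markdown):
    """Map requirement ID -> description cell for every table row."""
    return {m.group(1): m.group(2) for m in ROW.finditer(markdown)}


def check_moves(markdown):
    """Return (source_id, target_id, problem) for each inconsistent move tag."""
    rows = parse_rows(markdown)
    findings = []
    for src, text in rows.items():
        for target in MOVED_TO.findall(text):
            if target not in rows:
                findings.append((src, target, "target does not exist"))
                continue
            origins = MOVED_FROM.findall(rows[target])
            if src not in origins:
                claimed = ", ".join(origins) or "none"
                findings.append((src, target, "target claims origin " + claimed))
    return findings


if __name__ == "__main__":
    for src, target, problem in check_moves(SAMPLE):
        print(f"{src} -> {target}: {problem}")
```

For a full run, pass the concatenated text of all chapter files so that targets in other chapters are visible to the check.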

@ValdiGit01 ValdiGit01 changed the title from "Potential error in the bleeding edge." to "Potential issues in the bleeding edge chapter 14 and 20." Dec 11, 2024
@elarlang
Collaborator

Yes, that is correct - the mapping is incorrect after inserting the cookie section into the V50 and changing many numbers there. Thank you!

@elarlang elarlang added the V50 Group issues related to Web Frontend label Dec 11, 2024
@elarlang elarlang self-assigned this Dec 11, 2024
@elarlang elarlang added the 5) awaiting PR A proposal has been accepted and reviewed and we are now waiting for a PR label Dec 11, 2024
elarlang pushed a commit to elarlang/ASVS that referenced this issue Dec 11, 2024
@elarlang elarlang added 6) PR awaiting review and removed 5) awaiting PR A proposal has been accepted and reviewed and we are now waiting for a PR labels Dec 11, 2024
@elarlang
Collaborator

After the merge of ee0ff1f via #2455 the mapping should be up to date again. Thank you @ValdiGit01!

@tghosth
Collaborator

tghosth commented Dec 11, 2024

@ValdiGit01 did you find these manually or using a tool?

@tghosth tghosth added the _5.0 - prep This needs to be addressed to prepare 5.0 label Dec 11, 2024
@ValdiGit01
Author

> @ValdiGit01 did you find these manually or using a tool?

I did it manually. I'm using the bleeding edge to plan for work in 2025 :-)

3 participants