[Owasp-guide] Authors -- how goes?

Vishal Garg vishalgrg at gmail.com
Fri Apr 2 08:31:10 EDT 2010


Hi Mike,

I am not sure whether I should forward this question to you or to the ASVS
people.

I am not clear about the difference between ASVS requirements 4.9 and 4.11.

4.9 - Verify that the same access control rules implied by the presentation
layer are enforced on the server side.

4.11 - Verify that all access controls are enforced on the server side.

Maybe the right question to ask would be: why do we have both of these
requirements in ASVS when 4.11 alone would have been sufficient, because all
access control should always be enforced on the server side irrespective
of whether it has been implemented on the client side or not?

Regards
Vishal

On Wed, Mar 31, 2010 at 9:42 PM, Tom Stripling <
tstripling at appsecconsulting.com> wrote:

>  Mike,
>
>
>
> The previous version of the Guide does not match the ASVS outline at
> *all*.  I will have to do a rewrite in order to get it into a format that
> matches the ASVS headers.  For now I’ve just created blank pages and pasted
> the previous Guide version into the main Input Validation page.  Is that
> going to work for you?  If not, I’d appreciate your input on how you think
> that content should be segregated.
>
>
>
> Regards,
>
> Tom
>
>
>
> *From:* owasp-guide-bounces at lists.owasp.org [mailto:
> owasp-guide-bounces at lists.owasp.org] *On Behalf Of *Boberski, Michael
> [USA]
> *Sent:* Thursday, March 25, 2010 3:14 PM
> *To:* owasp-guide at lists.owasp.org
> *Subject:* [Owasp-guide] Authors -- how goes?
>
>
>
> Hi folks,
>
>
>
> How goes things with the various sections and worksheets?
>
>
>
> Lots of activity actually, looking at SVN logs.
>
>
>
> Go ahead, share your good works from this past week with the team.
>
>
>
> Best,
>
>
>
> Mike B.