Skip to content

Asvs 2515 tag change#2522

Merged
elarlang merged 29 commits intoOWASP:masterfrom
elarlang:asvs-2515-tag-change
Jan 13, 2025
Merged

Asvs 2515 tag change#2522
elarlang merged 29 commits intoOWASP:masterfrom
elarlang:asvs-2515-tag-change

Conversation

@elarlang
Copy link
Copy Markdown
Collaborator

@elarlang elarlang commented Jan 10, 2025

This Pull Request relates to issue #2515

@elarlang
Copy link
Copy Markdown
Collaborator Author

elarlang commented Jan 10, 2025

You can recheck all mapping changes, but...

@randomstuff - please check, is it suitable mapping

@tghosth - please check, are those suitable mappings:

If no feedback for tomorrow, I'm going to merge it in to move further.

@randomstuff
Copy link
Copy Markdown
Collaborator

randomstuff commented Jan 12, 2025
edited
Loading

6.6.3 [ADDED, SPLIT FROM 6.2.5] Verify that cryptographic systems avoid the use of disallowed hash functions, such as MD5, SHA-1, or any other insecure hash functions, for any cryptographic purpose.

is technically not really split from v4 6.2.3:

6.2.3 Verify that encryption initialization vector, cipher configuration, and block modes are configured securely using the latest advice.

The former is about hash functions which is not really covered by v4 6.2.3.

@elarlang elarlang mentioned this pull request Jan 13, 2025
Merged
@elarlang
Copy link
Copy Markdown
Collaborator Author

elarlang commented Jan 13, 2025

6.6.3 [ADDED, SPLIT FROM 6.2.5] Verify that cryptographic systems avoid the use of disallowed hash functions, such as MD5, SHA-1, or any other insecure hash functions, for any cryptographic purpose.

is technically not really split from v4 6.2.3:

6.2.3 Verify that encryption initialization vector, cipher configuration, and block modes are configured securely using the latest advice.

The former is about hash functions which is not really covered by v4 6.2.3.

I think here is some misread, typo or other misunderstanding in place.

v4.0.3-6.2.3 got deleted, as it is covered by v5.0.be-6.5.1, v5.0.be-6.5.2, v5.0.be-6.6.3.

Probbaly v5.0.be-6.5.1 can be removed from this list.

@elarlang elarlang marked this pull request as ready for review January 13, 2025 08:03
@elarlang elarlang merged commit 4bbbc99 into OWASP:master Jan 13, 2025
@elarlang
Copy link
Copy Markdown
Collaborator Author

elarlang commented Jan 13, 2025

I merged it in, because it contains changes to many requirements and it may cause content conflicts for other PR's.

If there is some incorrect mapping in place, please open a separate issue or PR to address that.

@jmanico
Copy link
Copy Markdown
Member

jmanico commented Jan 13, 2025 via email

@elarlang elarlang deleted the asvs-2515-tag-change branch February 11, 2025 07:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jmanico jmanico jmanico approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elarlang @randomstuff @jmanico