Skip to content
This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

Bring up to date with base. #1

Open
wants to merge 2,686 commits into
base: master
Choose a base branch
from
Open

Bring up to date with base. #1

wants to merge 2,686 commits into from

Conversation

bonds0097
Copy link

I want to bring this up to date with the base repo before I diverge like a mofo.

tghosth and others added 30 commits October 31, 2024 08:25
@tghosth @elarlang
Update glossary as well
ee6925a
@tghosth @elarlang
Resolve #1658 by removing 6.1.3 and merging 6.1.1 and 6.1.2 into data…
19755a0 
… protection (#2209)

* Resolve #1658 by removing 6.1.3 and merging 6.1.1 and 6.1.2 into data protection

* Merge into protection levels requirement

* remove chapter text for cleaned up chapter

---------

Co-authored-by: Elar Lang <47597707+elarlang@users.noreply.github.com>
@tghosth @elarlang
Add 4.1.6 about avoiding out of date permissions info to resolve #2059
5c1e481
@elarlang
space--
170bbcb
@tghosth @elarlang
Clear up sandboxing requirements to resolve #2166
0018cfb
@elarlang
tags
eea2d69
@elarlang
tags
bea5527
@elarlang
tags
f0d7d42
@elarlang
Resolve #2214 by correcting HTTP header vs HTTP header field (#2217)
ef0e0f5 
Co-authored-by: Elar Lang <elar@hoh.ee>
@ImanSharaf @elarlang @tghosth
Resolve #2145 by reviewing problematic malicious code requirements (#…
86a4a71 
…2218)

* Update 0x18-V10-Coding.md

Issue #2145

* Update 0x18-V10-Coding.md

* Update 0x18-V10-Coding.md

* Include in recommendations

---------

Co-authored-by: Elar Lang <47597707+elarlang@users.noreply.github.com>
Co-authored-by: Josh Grossman <tghosth@users.noreply.github.com>
@tghosth
Add forwardsec and omegapoint as tertiary (#2193)
d84077b 
* Add forwardsec and omegapoint as tertiary

* Change layout

* Fix layout

* moar space
@jmanico
Clarify that 12.2.1 on checks for uploaded files should also cover ar…
cc8c61c 
…chives to resolve #1779 (#2221)

addressing #1770
@ImanSharaf @jmanico @tghosth
Resolves part of #1471 by clarifying req on external code
6bf91be 
* Update 0x18-V10-Coding.md

#1471

* Update 0x18-V10-Coding.md

Small change

* Update 0x18-V10-Coding.md

* Update 0x18-V10-Coding.md

* wqd

---------

Co-authored-by: Jim Manico <jim@manicode.com>
Co-authored-by: Josh Grossman <tghosth@users.noreply.github.com>
@ImanSharaf
Resolves part of #1471 by removing duplicate req
e1c5a64 
Issue #1471
@jmanico @tghosth
Resolve #2224 by cleaning up V12 text (#2225)
716ca2d 
* Update 0x20-V12-Files-Resources.md

relating to issue #2224

* Clarify section wording

* Update 0x20-V12-Files-Resources.md

---------

Co-authored-by: Josh Grossman <tghosth@users.noreply.github.com>
@ImanSharaf @tghosth
Modified 10.4.1 to make it more clear
faa8145 
The initial version was ambitious.
@ImanSharaf @tghosth
Fixed a small grammar issue
97ec14e 
Changed "3rd party" to "third-party"
@ImanSharaf @tghosth
Fixed a small grammar issue
5bd5ea6 
Changed 3rd party to third-party
@jmanico @tghosth
Resolve #2220 by adding argon2id to section text
7c72f34 
* Update 0x11-V2-Authentication.md

Addressing #2220

* Update 0x11-V2-Authentication.md

---------

Co-authored-by: Josh Grossman <tghosth@users.noreply.github.com>
@tghosth
#2212 import - take V6 inventory requirements to V1
fddaa31
@tghosth
#2212 import - V6 control objective
fd1258c
@tghosth
#2212 import algorithm requirement and extra information
63eb951
@tghosth
#2212 import Cipher Algorithms
c41a6f0
@tghosth
#2212 import - Hashing and Hash-based Functions
9a1c575
@tghosth
#2212 import content
56f6b33
@tghosth
#2212 import content++
90c0053
@tghosth
renumbering
59af0a1
@tghosth
linter
b89b2b2
@tghosth
Minor wording tweak
e14a915
@elarlang @tghosth
tag fix for #2223
f9020c0 
removed requirement:
V12.3.6 Verify that the application does not include and execute functionality from untrusted sources, such as unverified content distribution networks, JavaScript libraries, node npm libraries, or server-side DLLs. | | ✓ | ✓ | 829 |

With duplicate of we should point to v4.0.3 requirements:
* V14.2.3 Verify that if application assets, such as JavaScript libraries, CSS or web fonts, are hosted externally on a Content Delivery Network (CDN) or external provider, Subresource Integrity (SRI) is used to validate the integrity of the asset.
* V14.2.4 Verify that third party components come from pre-defined, trusted and continually maintained repositories.
Elar Lang and others added 30 commits December 11, 2024 13:27
@tghosth
mapping fixes, resolve #2454
9f316d8
@tghosth
Adding clarification on crypto discovery tools to resolve #2395 (#2450)
12e8a78 
* Adding clarification on crypto discovery tools to resolve #2395

* Clarify wording
@tghosth @elarlang
Clarify 6.2.9 wording to resolve #2461
b1bb64b
@tghosth @elarlang
Clarify 11.1.3 to resolve #2466
eea7b44
@elarlang
rm double label
e6a1e4f
@tghosth @elarlang
Clarify req 2.3.4 to resolve #2460 (#2464)
45245a4 
* Clarify req 2.3.4 to resolve #2460

* Reword around "verify that"

* Clarifications

* whitespace

---------

Co-authored-by: Elar Lang <47597707+elarlang@users.noreply.github.com>
@tghosth @elarlang
Add verify that to various reqs to resolve #2469 (#2471)
2efbfd3 
* Add verify that to various reqs to resolve #2469

* modification labels

* modification labels

---------

Co-authored-by: Elar Lang <47597707+elarlang@users.noreply.github.com>
@tghosth
Move cookie length issue to resolve #2458 (#2473)
95d1fe1
@elarlang
Fixed a number of typos
0782e2e
@tghosth
Start improving front text (#2365)
59a1ca8 
* Start improvements

* continue text update

* linting

* Continue improving text on levels and testing

* linting

* Update 0x03 and move 4.0 related content to 0x05

* Wrong word

* Add better level definition

* Linting
@ryarmst @elarlang @tghosth
Update V3 chapter/section text for 2442 (#2459)
004c7fe 
* Update V3 chapter/section text for 2442

* rm trailing spaces

* Minor modifications to wording

---------

Co-authored-by: Elar Lang <47597707+elarlang@users.noreply.github.com>
Co-authored-by: Josh Grossman <tghosth@users.noreply.github.com>
@elarlang
#2468 no innerHTML and document.write
fe67ae5
@elarlang
wording update
b276080
@tghosth
Strengthen crypto minimum bit size requirement to resolve #2461
8fa18e9
@elarlang @tghosth
#1941 - location change for hsts preload
c9b698c
@tghosth
Clarify 2.5.6 to resolve #2457 (#2480)
c1cce51
@tghosth @elarlang
Resolve #2467 by splitting and clarifying the 3rd party vuln requirem…
2b6c28e 
…ents (#2489)

* Resolve #2467 by splitting and clarifying the 3rd party vuln requirements

* tag fix

---------

Co-authored-by: Elar Lang <47597707+elarlang@users.noreply.github.com>
@tghosth
Split 1.5.1 to 1.11.5 and 1.11.6
fbad791
@tghosth
Move 5.1.1 param pollution to 10.4.7
c0b6242
@tghosth
Move 5.1.3 positive validation to 11.3.1
4f1470c
@tghosth
Split 5.1.4 input val structure to 11.3.2 and 11.3.3
06bc46f
@tghosth
Move 1.5.3/5.6.2 client side val to 11.3.4
f6dd15d
@elarlang
#2468 - update 50.6.2
fd40634
@tghosth
V for Vendet... Verification
6f466c3
@tghosth
eol fix
3a07977
@tghosth
requirement number fix
bdc1d49
@tghosth
Some minor wording changes to resolve #2495
bda11c1
@tghosth
Minor change to resolve #2503
89c0fe8
@tghosth
Add quantum computer clarification to resolve #2504
85b8fdb
@tghosth @elarlang
Fix inconsistent tag
d2a4aec
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@bonds0097 @tghosth @elarlang @ImanSharaf @jmanico @ryarmst @cronchie @danielcuthbert @randomstuff