ASVS icon indicating copy to clipboard operation
ASVS copied to clipboard
verified publisher icon OWASP

Section 10 seems more mobile than web

Open jmanico opened this issue 3 years ago • 2 comments

From: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x18-V10-Malicious.md

All of section v10 seems way more mobile than web and should be discarded.

The first item of 10 is already submitted as a problematic issue here https://github.com/OWASP/ASVS/issues/1200

...and the rest of 10 seems very mobile-specific and should possibly be revisited.

jmanico avatar Sep 28 '22 17:09 jmanico

I've never liked this sentence

"Does not have back doors, Easter eggs, salami attacks, rootkits, or unauthorized code that can be controlled by an attacker" As someone who's written many a backdoor/malicious code, it's not exactly obvious and this is ambiguous at best.

danielcuthbert avatar Oct 01 '22 12:10 danielcuthbert

Agree that there are a lot of tricky points in this section, I think we need to discuss what stays if anything from this section

tghosth avatar Dec 07 '22 17:12 tghosth