Steven van der Baan

Results 13 comments of Steven van der Baan

Burp - Done
ZAP - Initial version

I would make this a L2 requirement. L1 claims to be completely penetration testable and I would say that this requirement asks for attestation instead.

I like to hear that the ASVS is moving to risk levels. If that is the case, I would recommend it for Level 1. Even a SAST that is not...

I would like to clarify that the purpose of SAST for Level 1 is awareness, especially if the tool is not tuned for the application. For higher levels the tool...

This item has been removed as per #1507; the issue can be closed.

I don't see it as negative comment, but constructive. I would recommend not changing the output of get_results to json as that could mess up the other checkers, but to...

Reworked get_results to print based on the get_json_results.

Possible, or perhaps `preferably allow-lists, alternatively sanitizers` to emphasise that allow-lists are the preferred choice and that a sanitiser should only be used where allow-lists are not up for the...

I understand what you are saying, however this is not how it is interpreted. I have spoken with multiple dev teams and most of them interpret this requirement as "we...