Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support "1.2 Customer testing" from MVSP #1360

Closed
cmlh opened this issue Sep 3, 2022 · 8 comments
Closed

Support "1.2 Customer testing" from MVSP #1360

cmlh opened this issue Sep 3, 2022 · 8 comments
Assignees
@tghosth
Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Will be closed if no response/opposite arguments _5.0 - prep This needs to be addressed to prepare 5.0

Comments

@cmlh
Copy link
Contributor

cmlh commented Sep 3, 2022

"1.2 Customer testing" of MVSP is reproduced below:

1.2 Customer testing
* On request, enable your customers or their delegates to test the security of your application
* Test on a non-production environment if it closely resembles the production environment in functionality
* Ensure non-production environments do not contain production data

Should we include this in the next major release of ASVS and/or be governed upstream by CREST OVS instead?

The parent of this issue is #1151.
@danielcuthbert
Copy link
Collaborator

I'm not a fan if I'm honest. Firstly, what anyone does with the standard is their choice, we are not governed by anyone let alone CREST. Telling people to allow testing of their product goes over what I feel is useful

@tghosth tghosth mentioned this issue Dec 7, 2022
Closed
@tghosth tghosth self-assigned this Dec 7, 2022
@tghosth tghosth added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - prep This needs to be addressed to prepare 5.0 labels Dec 7, 2022
@tghosth
Copy link
Collaborator

tghosth commented Dec 7, 2022

@set-reminder 5 weeks @tghosth to look at this

@octo-reminder
Copy link

octo-reminder bot commented Dec 7, 2022

Reminder
Wednesday, January 11, 2023 12:00 AM (GMT+01:00)

@tghosth to look at this

@elarlang
Copy link
Collaborator

As we move with scope more towards "strictly only application", then mentioned customer testing things are out of scope.

Josh can recheck, recommendation to close it.

@tghosth
Copy link
Collaborator

tghosth commented Dec 28, 2022
edited
Loading

Thanks @cmlh but I agree with @danielcuthbert and @elarlang in this instance that this item is out of scope.

@tghosth tghosth closed this as completed Dec 28, 2022
@octo-reminder
Copy link

octo-reminder bot commented Jan 10, 2023

🔔 @tghosth

@tghosth to look at this

@cmlh
Copy link
Contributor Author

cmlh commented Apr 7, 2023
edited
Loading

ASVS states "... to a test application with non-production data, is required ..." which integrates with * Ensure non-production environments do not contain production data of MVSP

@cmlh
Copy link
Contributor Author

cmlh commented Apr 7, 2023
edited
Loading

ASVS states "Test on a non-production environment if it closely resembles the production environment in functionality ..." which integrates with * Test on a non-production environment if it closely resembles the production environment in functionality of MVSP

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tghosth tghosth

Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Will be closed if no response/opposite arguments _5.0 - prep This needs to be addressed to prepare 5.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cmlh @danielcuthbert @tghosth @elarlang