diff --git a/USEAGE.md b/USEAGE.md index 1b51eca53..5465f8a60 100644 --- a/USEAGE.md +++ b/USEAGE.md @@ -55,10 +55,10 @@ When implementing a security belt activity, approach a peer from the Security Ch # Dimensions -In the following the dimesions and corresponding sub dimension are described. The descriptions are highly based (mostly copied) on the [OWASP Project Integration Project Writeup](https://github.com/OWASP/www-project-integration-standards/blob/master/writeups/owasp_in_sdlc/index.md). +In the following the dimensions and corresponding sub dimension are described. The descriptions are highly based (mostly copied) on the [OWASP Project Integration Project Writeup](https://github.com/OWASP/www-project-integration-standards/blob/master/writeups/owasp_in_sdlc/index.md). -## Hardening -The dimension hardening covers topic of "traditional" hardening of software and infrastructure components. +## Implementation +The dimension Implementation covers topic of "traditional" hardening of software and infrastructure components. There is an abundance of libraries and frameworks implementing secure defaults. For frontend development, [ReactJS](https://reactjs.org/) seems to be the latest favourite in the Javascript world. diff --git a/assets/images/Hardening.png b/assets/images/Implementation.png similarity index 100% rename from assets/images/Hardening.png rename to assets/images/Implementation.png diff --git a/data-yml.php b/data-yml.php index 465a35487..0115aa1d2 100644 --- a/data-yml.php +++ b/data-yml.php @@ -14,7 +14,7 @@ function readYaml($file) { "Culture and Org." => readYaml("data/CultureAndOrg.yml"), "Build and Deployment" => readYaml("data/BuildAndDeployment.yml"), "Information Gathering" => readYaml("data/InformationGathering.yml"), - "Hardening" => readYaml("data/Hardening.yml"), + "Implementation" => readYaml("data/Implementation.yml"), "Test and Verification" => readYaml("data/TestAndVerification.yml"), ); 
diff --git a/data/Hardening.yml b/data/Implementation.yml similarity index 93% rename from data/Hardening.yml rename to data/Implementation.yml index 1a8d7cbc9..7dd82fec5 100755 --- a/data/Hardening.yml +++ b/data/Implementation.yml @@ -326,7 +326,7 @@ Application Hardening: - hardening is not explicitly covered by ISO 27001 - too specific - 13.1.3 - Application Hardening Level 2: + App. Hardening Level 2: risk: Using an insecure application might lead to a compromised application. This might lead to total data theft or data modification. measure: | Following frameworks like the @@ -348,7 +348,7 @@ Application Hardening: - hardening is not explicitly covered by ISO 27001 - too specific - 13.1.3 - Application Hardening Level 3: + App. Hardening Level 3: risk: Using an insecure application might lead to a compromised application. This might lead to total data theft or data modification. measure: | Following frameworks like the @@ -356,6 +356,29 @@ Application Hardening:
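Review bot: In the USEAGE.md hunk (@@ -55,10 +55,10 @@), the renamed section still defines itself as hardening: the heading becomes "## Implementation" but the sentence under it reads 'covers topic of "traditional" hardening of software and infrastructure components'. Either reword that sentence to say what the Implementation dimension covers, or state explicitly that it was formerly called Hardening, so readers are not left with a heading and a definition that disagree. Since the line is being edited anyway, "covers topic of" should be "covers the topic of", and the intro line that fixes "dimesions" still has "sub dimension" in the singular.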
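Review bot: In the data-yml.php hunk (@@ -14,7 +14,7 @@), the array key changes from "Hardening" to "Implementation" together with the file path, so any code that looks up the dimension by the old key string will no longer find it. This patch only shows USEAGE.md and the image being updated to match. Please search the rest of the repository for the literal "Hardening" used as a dimension name (links, query parameters, stored selections, tests) and update those in this same change, or note in the commit message that there are none.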
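Review bot: In data/Implementation.yml (hunks @@ -326,7 +326,7 @@ and @@ -348,7 +348,7 @@), the activity keys are shortened to "App. Hardening Level 2" and "App. Hardening Level 3" while the enclosing sub-dimension, visible in the hunk header, is still "Application Hardening:". That leaves two spellings of the same term in one file, and because these keys are the activity names, anything that refers to an activity by its full name will stop matching. Please either keep the full "Application Hardening Level N" keys or document why the abbreviation is needed and apply it consistently. Separately, the file header shows mode 100755 on this YAML data file; it does not need the executable bit, so 100644 would be the safer mode to carry through the rename.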