From b8d1608649251f9da2182efd824cedc934382ed1 Mon Sep 17 00:00:00 2001
From: Timo Pagel
Date: Tue, 26 Jan 2021 11:09:43 +0100
Subject: [PATCH 1/2] Rename hardening to impl.

---
 USEAGE.md | 6 +++---
 assets/images/{Hardening.png => Implementation.png} | Bin
 data-yml.php | 2 +-
 data/{Hardening.yml => Implementation.yml} | 0
 js/example.js | 1 +
 5 files changed, 5 insertions(+), 4 deletions(-)
 rename assets/images/{Hardening.png => Implementation.png} (100%)
 rename data/{Hardening.yml => Implementation.yml} (100%)

diff --git a/USEAGE.md b/USEAGE.md
index 1b51eca53..5465f8a60 100644
--- a/USEAGE.md
+++ b/USEAGE.md
@@ -55,10 +55,10 @@ When implementing a security belt activity, approach a peer from the Security Ch
 # Dimensions
-In the following the dimesions and corresponding sub dimension are described. The descriptions are highly based (mostly copied) on the [OWASP Project Integration Project Writeup](https://github.com/OWASP/www-project-integration-standards/blob/master/writeups/owasp_in_sdlc/index.md).
+In the following the dimensions and corresponding sub dimension are described. The descriptions are highly based (mostly copied) on the [OWASP Project Integration Project Writeup](https://github.com/OWASP/www-project-integration-standards/blob/master/writeups/owasp_in_sdlc/index.md).
-## Hardening
-The dimension hardening covers topic of "traditional" hardening of software and infrastructure components.
+## Implementation
+The dimension Implementation covers topic of "traditional" hardening of software and infrastructure components.
 There is an abundance of libraries and frameworks implementing secure defaults. For frontend development, [ReactJS](https://reactjs.org/) seems to be the latest favourite in the Javascript world.
diff --git a/assets/images/Hardening.png b/assets/images/Implementation.png
similarity index 100%
rename from assets/images/Hardening.png
rename to assets/images/Implementation.png
diff --git a/data-yml.php b/data-yml.php
index 465a35487..0115aa1d2 100644
--- a/data-yml.php
+++ b/data-yml.php
@@ -14,7 +14,7 @@ function readYaml($file) {
   "Culture and Org." => readYaml("data/CultureAndOrg.yml"),
   "Build and Deployment" => readYaml("data/BuildAndDeployment.yml"),
   "Information Gathering" => readYaml("data/InformationGathering.yml"),
-  "Hardening" => readYaml("data/Hardening.yml"),
+  "Implementation" => readYaml("data/Implementation.yml"),
   "Test and Verification" => readYaml("data/TestAndVerification.yml"),
 );
diff --git a/data/Hardening.yml b/data/Implementation.yml
similarity index 100%
rename from data/Hardening.yml
rename to data/Implementation.yml
diff --git a/js/example.js b/js/example.js
index ffa2fadbc..cf7dc4169 100644
--- a/js/example.js
+++ b/js/example.js
@@ -36,6 +36,7 @@ function replaceSubdimensionName(name) {
   return name
     .replace("for applications", "app")
     .replace("Hardening", "Hard.")
+    .replace("Implementation", "Impl.")
     .replace("Guidance", "Guid.")
     .replace("for infrastructure", "infra")
     .replace("Dynamic", "Dyn.")

From b0996823d36b2b72f572f12820ccbb759896a202 Mon Sep 17 00:00:00 2001
From: Timo Pagel
Date: Fri, 29 Jan 2021 16:36:20 +0100
Subject: [PATCH 2/2] Shift apps

---
 data/Implementation.yml | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/data/Implementation.yml b/data/Implementation.yml
index 1a8d7cbc9..7dd82fec5 100755
--- a/data/Implementation.yml
+++ b/data/Implementation.yml
@@ -326,7 +326,7 @@ Application Hardening:
       - hardening is not explicitly covered by ISO 27001 - too specific
       - 13.1.3
-  Application Hardening Level 2:
+  App. Hardening Level 2:
     risk: Using an insecure application might lead to a compromised application. This might lead to total data theft or data modification.
     measure: |
       Following frameworks like the
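Review bot: The new `.replace("Implementation", "Impl.")` extends a chain of positional string `.replace()` calls, where each call rewrites only the first occurrence and the outcome depends on the order of the lines (an earlier replacement can produce or consume text a later one matches), so every abbreviation added this way has to be slotted in by hand and the mapping is getting hard to audit. Consider making the table explicit and applying it in one place: `const ABBREVIATIONS = [["for applications", "app"], ["Hardening", "Hard."], ["Implementation", "Impl."], ["Guidance", "Guid."], ["for infrastructure", "infra"], ["Dynamic", "Dyn."]];` followed by `return ABBREVIATIONS.reduce((s, [from, to]) => s.replace(from, to), name);`. Since `data-yml.php` in this same patch registers `Implementation` as a dimension key rather than a sub-dimension, a one-line comment such as `// also applied to dimension names (see data-yml.php)` would explain why the entry lives in replaceSubdimensionName, assuming the caller does pass dimension names through it. The `.replace` chain of replaceSubdimensionName continues past the end of this hunk.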
@@ -348,7 +348,7 @@ Application Hardening:
       - hardening is not explicitly covered by ISO 27001 - too specific
       - 13.1.3
-  Application Hardening Level 3:
+  App. Hardening Level 3:
     risk: Using an insecure application might lead to a compromised application. This might lead to total data theft or data modification.
     measure: |
       Following frameworks like the
@@ -356,6 +356,29 @@ Application Hardening:
  • OWASP Application Security Verification Standard Level 3
  • OWASP Mobile Application Security Verification Standard Maturity Requirements
       •
+      and gain around 75% coverage of both.
+    difficultyOfImplementation:
+      knowledge: 4
+      time: 4
+      resources: 2
+    usefulness: 4
+    level: 3
+    implementation:
+      - OWASP ASVS
+      - OWASP MASVS
+    samm2: software-requirements|A|3
+    iso27001-2017:
+      - hardening is not explicitly covered by ISO 27001 - too specific
+      - 13.1.3
+  Full Coverage of App. Hardening Level 3:
+    risk: Using an insecure application might lead to a compromised application. This might lead to total data theft or data modification.
+    measure: |
+      Following frameworks like the
+
+      and gain around 95% coverage of both.
     difficultyOfImplementation:
       knowledge: 4
       time: 4
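Review bot: The new activity key `Full Coverage of App. Hardening Level 3:` promises full coverage while its own `measure` ends with `and gain around 95% coverage of both.`, so the name and the text give readers two different targets; either rename the key (e.g. `Extended App. Hardening Level 3:`) or put the 95% figure into the name. The `risk` sentence, `samm2: software-requirements|A|3` and the `iso27001-2017` mapping are copied verbatim from the 75% activity above it, and that copied block hardcodes `level: 3` while the new activity's `level` sits in the trailing lines outside this hunk — if it is also 3, two activities of the same sub-dimension occupy the same maturity level and nothing orders the 75% step before the 95% one; please confirm. In the new `measure: |` block only `Following frameworks like the`, an empty line and the coverage sentence are visible, without the ASVS/MASVS bullet lines the 75% activity lists; if that is not an artifact of this patch view, the bullets need to be re-added, since the sentence refers to "both". The enclosing `Application Hardening:` mapping starts before this hunk.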