Feat/zero0

USEAGE.md

@@ -55,10 +55,10 @@ When implementing a security belt activity, approach a peer from the Security Ch
 
 # Dimensions
 
-In the following the dimesions and corresponding sub dimension are described. The descriptions are highly based (mostly copied) on the [OWASP Project Integration Project Writeup](https://github.com/OWASP/www-project-integration-standards/blob/master/writeups/owasp_in_sdlc/index.md).
+In the following the dimensions and corresponding sub dimension are described. The descriptions are highly based (mostly copied) on the [OWASP Project Integration Project Writeup](https://github.com/OWASP/www-project-integration-standards/blob/master/writeups/owasp_in_sdlc/index.md).
 
-## Hardening
-The dimension hardening covers topic of "traditional" hardening of software and infrastructure components.
+## Implementation
+The dimension Implementation covers topic of "traditional" hardening of software and infrastructure components.
 
 There is an abundance of libraries and frameworks implementing secure defaults. For frontend development, [ReactJS](https://reactjs.org/) seems to be the latest favourite in the Javascript world.
 

data-yml.php

@@ -14,7 +14,7 @@ function readYaml($file) {
     "Culture and Org." => readYaml("data/CultureAndOrg.yml"),
     "Build and Deployment" => readYaml("data/BuildAndDeployment.yml"),
     "Information Gathering" => readYaml("data/InformationGathering.yml"),
-    "Hardening" => readYaml("data/Hardening.yml"),
+    "Implementation" => readYaml("data/Implementation.yml"),
     "Test and Verification" => readYaml("data/TestAndVerification.yml"),
 );
 

data/Hardening.yml → data/Implementation.yml

@@ -326,7 +326,7 @@ Application Hardening:
       - hardening is not explicitly covered by ISO 27001 - too specific
       - 13.1.3
 
-  Application Hardening Level 2:
+  App. Hardening Level 2:
     risk: Using an insecure application might lead to a compromised application. This might lead to total data theft or data modification.
     measure: |
       Following frameworks like the
@@ -348,14 +348,37 @@ Application Hardening:
       - hardening is not explicitly covered by ISO 27001 - too specific
       - 13.1.3
 
-  Application Hardening Level 3:
+  App. Hardening Level 3:
     risk: Using an insecure application might lead to a compromised application. This might lead to total data theft or data modification.
     measure: |
       Following frameworks like the
         <ul>
           <li>OWASP Application Security Verification Standard Level 3</li>
           <li>OWASP Mobile Application Security Verification Standard Maturity Requirements</li>
         </ul>
+        and gain around 75% coverage of both.
+    difficultyOfImplementation:
+      knowledge: 4
+      time: 4
+      resources: 2
+    usefulness: 4
+    level: 3
+    implementation:
+      - <a href='https://owasp.org/www-project-application-security-verification-standard/'>OWASP ASVS</a>
+      - <a href="https://github.com/OWASP/owasp-masvs">OWASP MASVS</a>
+    samm2: software-requirements|A|3
+    iso27001-2017:
+      - hardening is not explicitly covered by ISO 27001 - too specific
+      - 13.1.3
+  Full Coverage of App. Hardening Level 3:
+    risk: Using an insecure application might lead to a compromised application. This might lead to total data theft or data modification.
+    measure: |
+      Following frameworks like the
+        <ul>
+          <li>OWASP Application Security Verification Standard Level 3</li>
+          <li>OWASP Mobile Application Security Verification Standard Maturity Requirements</li>
+        </ul>
+        and gain around 95% coverage of both.
     difficultyOfImplementation:
       knowledge: 4
       time: 4

js/example.js

@@ -36,6 +36,7 @@ function replaceSubdimensionName(name) {
     return name
         .replace("for applications", "app")
         .replace("Hardening", "Hard.")
+        .replace("Implementation", "Impl.")
         .replace("Guidance", "Guid.")
         .replace("for infrastructure", "infra")
         .replace("Dynamic", "Dyn.")