owaspsamm · johnellingsworth · Mar 24, 2024 · Mar 24, 2024
Changes from all commits

Commits

Show all changes
1 commit

Select commit

260fcf8
Fixing ampersand in 2 additional activities
johnellingsworth Mar 24, 2024
diff --git a/model/activities/V-AA-3-B.yml b/model/activities/V-AA-3-B.yml
@@ -20,7 +20,7 @@ benefit: Continuous improvement of enterprise architecture based on architecture
 
 #A one sentence description of the activity
 shortDescription: Feed the architecture review results back into the enterprise architecture,
-  organization design principles & patterns, security solutions and reference architectures.
+  organization design principles and patterns, security solutions and reference architectures.
 
 #A multi-paragraph description of the activity
 longDescription: |

diff --git a/model/activities/V-RT-3-A.yml b/model/activities/V-RT-3-A.yml
@@ -25,7 +25,7 @@ shortDescription: Perform regression testing (with security unit tests).
 longDescription: |
   Write and automate regression tests for all identified (and fixed) bugs to ensure that these become a test harness preventing similar issues being introduced during later releases. Security unit tests should verify dynamically (i.e., at run time) that the components function as expected and should validate that code changes are properly implemented.
 
-  A good practice for developers is to build security test cases as a generic security test suite that is part of the existing unit testing framework. A generic security test suite might include security test cases to validate both positive and negative requirements for security controls such as Identity, Authentication & Access Control, Input Validation & Encoding, User and Session Management, Error and Exception Handling, Encryption, and Auditing and Logging. Verify the correct execution of the security tests as early as possible. If feasible for example, consider the passing of security tests as part of merge requirements before allowing new code to enter the main code base. Alternatively, consider their passing a requirement for validating a build.
+  A good practice for developers is to build security test cases as a generic security test suite that is part of the existing unit testing framework. A generic security test suite might include security test cases to validate both positive and negative requirements for security controls such as Identity, Authentication and Access Control, Input Validation and Encoding, User and Session Management, Error and Exception Handling, Encryption, and Auditing and Logging. Verify the correct execution of the security tests as early as possible. If feasible for example, consider the passing of security tests as part of merge requirements before allowing new code to enter the main code base. Alternatively, consider their passing a requirement for validating a build.
 
   For security functional tests, use unit level tests for the functionality of security controls at the software component level, such as functions, methods, or classes. For example, a test case could check input and output validation (e.g., variable sanitation) and boundary checks for variables by asserting the expected functionality of the component.