Level 1 & Out of Band Verifier #2519
yoannAmicel
started this conversation in
General
Replies: 1 comment
-
|
Hi @yoannAmicel, is this still relevant in the recently release V5? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I'm about to perform an audit on a website, relying on the OWASP ASVS.
The website is really basic, produced by a startup with the minimum amount of features. The thing is that they do have a standard authentication, similar to this testing website : "https://juice-shop.herokuapp.com/#/login".
I consider this webapp as "Level 1", based on the description.
My question is : isn't the "V2.7 Out of Band Verifier" a bit too demanding for Level 1 websites ? Or should I consider perform these tests only if the webapp implements Out of Band ? Because I guess that 99% of basic websites currently doesn't implement Out of Band (and I really don't mean that it's great).
Just curious
Best,
Yoann
Beta Was this translation helpful? Give feedback.
All reactions