Level 1 & Out of Band Verifier #2519
yoannAmicel started this conversation in General
Hello,
I'm about to perform an audit on a website, relying on the OWASP ASVS.
The website is really basic, produced by a startup with the minimum amount of features. The thing is that they do have a standard authentication, similar to this testing website: "https://juice-shop.herokuapp.com/#/login".
I consider this webapp as "Level 1", based on the description.
My question is: isn't the "V2.7 Out of Band Verifier" a bit too demanding for Level 1 websites? Or should I consider performing these tests only if the webapp implements Out of Band? Because I guess that 99% of basic websites currently don't implement Out of Band (and I really don't mean that it's great).
Just curious
Best,
Yoann