MSTG-NETWORK-4 is a L2 control, but is marked as Level 1 in CSV
sushi2k opened this issue · comments
in Git in the markdown document it is level 2: https://github.com/OWASP/owasp-masvs/blob/v1.2/Document/0x10-V5-Network_communication_requirements.md
But in the CSV it is level 1: https://github.com/OWASP/owasp-masvs/releases/download/v1.2/OWASP_MASVS-v1.2-en.csv
5.4,"The app either uses its own certificate store, or pins the endpoint certificate or public key, and subsequently does not establish connections with endpoints that offer a different certificate or key, even if signed by a trusted CA.",
MSTG-NETWORK-4,True,True,False
MSTG-Network-4 is a L2 requirement!
Thanks Roel!
This is correct for the current generation, see here:
https://github.com/OWASP/owasp-masvs/suites/2294862390/artifacts/48078994
Please let me know if there's something else wrong, thank you anyway for reporting :)