MVSP - Limit the ability to iframe sensitive application content where appropriate. #1703
Assignees
Labels
2) Awaiting response
Awaiting a response from the original poster
Will be closed if no response/opposite arguments
Comments
|
... and where are those technical arguments? |
elarlang
added
2) Awaiting response
I do not have a preference either way if ASVS does/doesn't support "2.3 Security Headers" of MVSP due to technicalities. Your are welcome to close this issue @elarlang |
|
Pretty sure we will be including CSP in 5.0 and looks like we are also covering iframe sandboxing in #1009 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am requesting that #64 (comment) be reconsidered as this is now a control of MVSP after the former GitHub Issue was closed and subsequent thread on Slack.
"2.3 Security Headers" of MVSP is reproduced below:
2.3 Security HeadersApply appropriate security headers to reduce the application attack surface and limit post exploitation:* Set a minimally permissive Content Security Policy* Limit the ability to iframe sensitive application content where appropriateThe parent of this [MVSP] issue is #1151 and associated GitHub Discussion is #1690
Reproduction of Slack thread referencing #687 (comment) and #1009 (comment) too.
The text was updated successfully, but these errors were encountered: