Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix links in Legacy_Application_Management_Cheat_Sheet.md #1548

Merged
merged 2 commits into from
Nov 25, 2024
Merged

Fix links in Legacy_Application_Management_Cheat_Sheet.md #1548

merged 2 commits into from
Nov 25, 2024

Conversation

albrektsson
Copy link
Contributor

You're A Rockstar

Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.

🚩 If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.

Please make sure that for your contribution:

  • All the markdown files do not raise any validation policy violation, see the policy.
  • You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
  • The CI build of your PR pass, see the build status here.

Thank you again for your contribution 😃

szh
szh requested changes Nov 22, 2024
View reviewed changes
cheatsheets/Legacy_Application_Management_Cheat_Sheet.md Outdated
@@ -16,7 +16,7 @@ At a baseline, organizations should have a clear understanding about what legacy

**Inventory Management:** Start by compiling documentation identifying the legacy applications used by your organization including version numbers, date of production, and relevant configuration settings. Ideally, this will include details regarding what network hosts need to be situated on to reach the application and associated infrastructure. A record of the services running on infrastructure used for hosting the application and/or for data storage should also be outlined. In some circumstances documentation could include information about the physical location of and permitted access to servers associated with the application. Organizations might opt to generate a formal SBOM (Software Bill of Materials) as part of this process. SBOMs serve a useful role when an application relies on third-party dependencies in order to function.

**Risk Assessment and Threat Modeling:** Ensure your organization has a clear understanding of the level of risk and the kinds of threats theoretically posed by using the legacy application and its specific components (e.g. specific API routes or open ports on hosting infrastructure). This may be informed by formal or informal threat-modeling of an application, as described in the [Threat Modeling Cheat Sheet](/Threat_Modeling_Cheat_Sheet.md). Qualifying the risk posed by legacy software might also be aided by using an industry standard risk assessment framework, such as the NIST (National Institute of Standards and Technology) [Risk Management Framework](https://csrc.nist.gov/Projects/risk-management). There are many threat modeling and risk assessment frameworks and tools that have different strengths and weaknesses.
**Risk Assessment and Threat Modeling:** Ensure your organization has a clear understanding of the level of risk and the kinds of threats theoretically posed by using the legacy application and its specific components (e.g. specific API routes or open ports on hosting infrastructure). This may be informed by formal or informal threat-modeling of an application, as described in the [Threat Modeling Cheat Sheet](/cheatsheets/Threat_Modeling_Cheat_Sheet.html). Qualifying the risk posed by legacy software might also be aided by using an industry standard risk assessment framework, such as the NIST (National Institute of Standards and Technology) [Risk Management Framework](https://csrc.nist.gov/Projects/risk-management). There are many threat modeling and risk assessment frameworks and tools that have different strengths and weaknesses.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for fixing these! Because of the build process automation, the way we formulate the links is as below:
Essentially the mistake here is the "/" before the cheat sheet name.

Suggested change
**Risk Assessment and Threat Modeling:** Ensure your organization has a clear understanding of the level of risk and the kinds of threats theoretically posed by using the legacy application and its specific components (e.g. specific API routes or open ports on hosting infrastructure). This may be informed by formal or informal threat-modeling of an application, as described in the [Threat Modeling Cheat Sheet](/cheatsheets/Threat_Modeling_Cheat_Sheet.html). Qualifying the risk posed by legacy software might also be aided by using an industry standard risk assessment framework, such as the NIST (National Institute of Standards and Technology) [Risk Management Framework](https://csrc.nist.gov/Projects/risk-management). There are many threat modeling and risk assessment frameworks and tools that have different strengths and weaknesses.
**Risk Assessment and Threat Modeling:** Ensure your organization has a clear understanding of the level of risk and the kinds of threats theoretically posed by using the legacy application and its specific components (e.g. specific API routes or open ports on hosting infrastructure). This may be informed by formal or informal threat-modeling of an application, as described in the [Threat Modeling Cheat Sheet](Threat_Modeling_Cheat_Sheet.md). Qualifying the risk posed by legacy software might also be aided by using an industry standard risk assessment framework, such as the NIST (National Institute of Standards and Technology) [Risk Management Framework](https://csrc.nist.gov/Projects/risk-management). There are many threat modeling and risk assessment frameworks and tools that have different strengths and weaknesses.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sneaky.. take two committed :D

@albrektsson albrektsson requested a review from szh November 22, 2024 14:16
szh
szh approved these changes Nov 22, 2024
View reviewed changes
Copy link
Collaborator

@szh szh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you!

@mackowski mackowski merged commit f3fef14 into OWASP:master Nov 25, 2024
3 checks passed
@kwwall
Copy link
Collaborator

kwwall commented Nov 27, 2024

Given there are already 2 approvals, my appologies for being so late to the party, but instead of:

Inventory Management: Start by compiling documentation identifying ...

wouldn't it be better to word that as:

Inventory Management: Start by gathering documentation identifying ...

since "compiling" has a unique definition to us CS and IT folks and one generally does not "compile documentation" in the traditional CS sense if it's not too late to change that?

@mackowski
Copy link
Collaborator

Good point form @kwwall, this change is already merged but if others agree we can create new PR with this small change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mackowski mackowski mackowski approved these changes

@szh szh szh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@albrektsson @kwwall @mackowski @szh