use 5 levels and adopt levels of activities

Author: wurstbrot

src/assets/YAML/default/Implementation/ApplicationHardening.yaml

@@ -181,4 +181,28 @@ Implementation:
       comments: ""
       dependsOn:
         - App. Hardening Level 2
+    Usage of a Web Application Firewall:
+      risk: Using an insecure application might lead to a compromised application.
+        This might lead to total data theft or data modification.
+      measure: |
+        The usage of an API Gateway / Web Application Firewall might mitigate it. There are debates on how useful a WAF is for APIs.
+      difficultyOfImplementation:
+        knowledge: 4
+        time: 4
+        resources: 4
+      usefulness: 2
+      level: 5
+      implementation:
+        - $ref: src/assets/YAML/default/implementations.yaml#/implementations/apiMyth
+      references:
+        samm2:
+          - D-SR-3-A
+        iso27001-2017:
+          - hardening is not explicitly covered by ISO 27001 - too specific
+          - 13.1.3
+      isImplemented: false
+      evidence: ""
+      comments: ""
+      dependsOn:
+        - App. Hardening Level 2
 ...

src/assets/YAML/default/implementations.yaml

@@ -723,3 +723,9 @@ packj:
   url: https://github.com/ossillate-inc/packj
   description: |
     Packj is a tool to detect software supply chain attacks. It can detect malicious, vulnerable, abandoned, typo-squatting, and other "risky" packages from popular open-source package registries, such as NPM, RubyGems, and PyPI.
+apiMyth:
+  name: Top 5 API Security Myths That Are Crushing Your Business
+  tags: [documentation, waf]
+  url: https://thehackernews.com/2022/11/top-5-api-security-myths-that-are.html
+  description: |
+    There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business