Issues: OWASP/ASVS

V5 Rewrite of V6 Cryptography 4) proposal for review Issue contains clear proposal for add/change something
#2213 opened Nov 1, 2024 by danielcuthbert
Is 8.3.7 duplicated in V6 4a) Waiting for another This issue is waiting for another issue to be resolved V8 _5.0 - prep This needs to be addressed to prepare 5.0
#2208 opened Oct 31, 2024 by tghosth
clarify V5.3 and V5.5 section titles 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V5 Temporary label for grouping input validation, sanitization, encoding, escaping related requirements _5.0 - prep This needs to be addressed to prepare 5.0
#2206 opened Oct 29, 2024 by elarlang
update 3.5.5 V3 Will be closed if no response/opposite arguments _5.0 - prep This needs to be addressed to prepare 5.0
#2204 opened Oct 28, 2024 by elarlang
Compression based side-channel attacks and BREACH 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2203 opened Oct 28, 2024 by randomstuff
Need to check that the glossary is in alphabetical order correctly _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2201 opened Oct 28, 2024 by tghosth
V4.1.3 - split principle and verifiable parts 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet summit-2024 V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2196 opened Oct 25, 2024 by elarlang
V4 principles coverage 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet summit-2024 V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2195 opened Oct 25, 2024 by elarlang
V51 - OAuth - DPoP proof replay attack protection 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2188 opened Oct 23, 2024 by randomstuff
3.5.4 - token time-window validation 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2185 opened Oct 23, 2024 by elarlang
review V51.4.3 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2183 opened Oct 22, 2024 by elarlang
review V51.4.2 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2182 opened Oct 22, 2024 by elarlang
review V51.3.3 and V51.3.4 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2181 opened Oct 22, 2024 by elarlang
OAuth: require Authorization Code Binding to a DPoP Key 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2160 opened Oct 17, 2024 by randomstuff
OAuth, Add Requirement about protection against modification of the RAR authorization_details parameter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2151 opened Oct 15, 2024 by randomstuff
Add requirement about segmentation of SSO identities 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V2 _5.0 - prep This needs to be addressed to prepare 5.0
#2150 opened Oct 15, 2024 by randomstuff
Challenge to ASVS Item 10.2.3: Scope and Consistency Concerns 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V10 _5.0 - prep This needs to be addressed to prepare 5.0
#2145 opened Oct 15, 2024 by ImanSharaf
clarification for V4.1 and V4.2 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet summit-2024 V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2139 opened Oct 12, 2024 by elarlang
V1 - cleanup from implementation requirements 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet josh/elar V1 _5.0 - prep This needs to be addressed to prepare 5.0
#2137 opened Oct 10, 2024 by elarlang
9 of 13 tasks
split from 2.2.1 - disallow account lockout 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Community wanted We would like feedback from the community to guide our decision otherwise we will progress V2 _5.0 - prep This needs to be addressed to prepare 5.0
#2134 opened Oct 9, 2024 by elarlang
V51 OAuth: discuss verification of the user consent 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V8 V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2120 opened Sep 26, 2024 by randomstuff
1.3.3 - Handling Session Termination with SSO (Documentation) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V1 V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2102 opened Sep 21, 2024 by ryarmst
4.3.5 - Coverage by access control policies and deny by default otherwise 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet summit-2024 V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2063 opened Sep 4, 2024 by EnigmaRosa
V51 OAuth: Add new OIDC chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2037 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Improve scope definition for new OAuth chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2036 opened Aug 31, 2024 by TobiasAhnoff