Skip to content

Issues: OWASP/ASVS

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

45 Open 1,290 Closed
45 Open 1,290 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Requirement for managing user consents 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V4 Temporary label for grouping authorization related issues V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2401 opened Nov 21, 2024 by elarlang
1
Appendix Crypto - Allowed mechanisms and requirement levels 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2398 opened Nov 21, 2024 by randomstuff
1
V6 - Requirement about UUIDs and CSPRNG 5) awaiting PR A proposal hs been accepted and reviewed and we are now waiting for a PR V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2396 opened Nov 20, 2024 by randomstuff
@danielcuthbert
10
V1.6.5 - Unclear "cryptographic discovery mechanism" V1 V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2395 opened Nov 20, 2024 by randomstuff
Fix backend/back-end terminology 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos Community wanted We would like feedback from the community to guide our decision otherwise we will progress _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2390 opened Nov 20, 2024 by tghosth
1
Where to move or what to do with V3.5 section (tokens section in session management chapter) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2384 opened Nov 18, 2024 by elarlang
24
Crypto appendix - mention missing mechanisms 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2380 opened Nov 17, 2024 by randomstuff
5
Crypto appendix - give alias names for groups 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos AppendixV Appendix with crypto details _5.0 - prep This needs to be addressed to prepare 5.0
#2374 opened Nov 13, 2024 by randomstuff
@danielcuthbert
2
Add access token requirement for preventing "key confusion" V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2361 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff @ryarmst @elarlang
13
Modify 3.5.5 - split key confusion part to a separate requirement 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2360 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff
10
Link new requirements to CREs 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2334 opened Nov 7, 2024 by cronchie
1
V3 - Update section text for V3.6 and/or corresponding security decision 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2321 opened Nov 7, 2024 by ryarmst
V6 - Proper/safe MAC usage (in contrast to digital signatures) 2) Awaiting response Awaiting a response from the original poster AppendixV Appendix with crypto details V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2310 opened Nov 6, 2024 by randomstuff
@randomstuff
4
V7 Add transient error handling 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V7 Temporary label for grouping logging related issues _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2281 opened Nov 6, 2024 by cronchie
@cronchie @elarlang
7
V6 - Requirement mitigating against rerouting/Selfie attacks in when using TLS PSK authentication with group membership 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V9 _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2216 opened Nov 2, 2024 by randomstuff
3
V6 - Discuss forward secrecy 2) Awaiting response Awaiting a response from the original poster V9 _5.0 - prep This needs to be addressed to prepare 5.0
#2215 opened Nov 2, 2024 by randomstuff
@randomstuff
10
Handle Glossary _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2201 opened Oct 28, 2024 by tghosth
@ryarmst
1
review V51.4.3 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2183 opened Oct 22, 2024 by elarlang
@randomstuff @TobiasAhnoff @elarlang
16
Link checker is temperamental and apparently deprecated GH_ACTIONS MAKEFILE _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1990 opened Jul 10, 2024 by tghosth
@ike
13
proposal/discussion: JWT - 3.5.6 rephrase it to describe the goal and/or split to different requirements based on different goals 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#1967 opened May 21, 2024 by elarlang
@TobiasAhnoff @ryarmst @elarlang
14
proposal/discussion: OAuth - disallow web application to be OAuth public client (and to have direct communication with OAuth token endpoint) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#1963 opened May 19, 2024 by elarlang
@elarlang
9
2.1.2 Passwords of more than 128 characters are denied (make entire 2.4 more abstract) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V2 V2.1 passwords Passwords, password storage related issues _5.0 - prep This needs to be addressed to prepare 5.0
#1923 opened Apr 13, 2024 by sohsatoh
1
@jmanico @tghosth @sohsatoh
28
Tracking supporters _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1888 opened Mar 13, 2024 by tghosth
@tghosth
10
lowercase vs uppercase grammar (original: 6.2.1 causes capitalization inconsistency) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#1875 opened Feb 24, 2024 by alitasdln
13
Requesting Clarifying Definition in the Business Logic Section Header V11 _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#1869 opened Feb 12, 2024 by craig-shony
@jmanico @craig-shony
6
ProTip! What’s not been updated in a month: updated:<2024-10-22.