
Issues: OWASP/ASVS


discussion OAuth/OIDC: accepted flows and grants
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1970 opened May 22, 2024 by elarlang

V51: Additional OAuth/OIDC proposals
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1969 opened May 22, 2024 by deleterepo

proposal/discussion: OAuth: requirement for refresh_token lifetime
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1968 opened May 21, 2024 by elarlang

proposal/discussion: JWT - 3.5.6 add "type", and rephrase it to describe the goal
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1967 opened May 21, 2024 by elarlang

discussion: OAuth - using OAuth just for authentication
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); Community needed (This issue will not be progressed without community input. Will be closed if stale.); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1966 opened May 19, 2024 by elarlang

proposal/discussion: OAuth - separate requirement for redirect_uri string-match registration and handling
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1965 opened May 19, 2024 by elarlang

proposal/discussion: OAuth - (for 1st party usage) only used (by the client) communication options must be allowed by authorization server
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1964 opened May 19, 2024 by elarlang

proposal/discussion: OAuth - disallow web application to be OAuth public client (and to have direct communication with OAuth token endpoint)
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1963 opened May 19, 2024 by elarlang

URL Safety
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V5 (Temporary label for grouping input validation, sanitization, encoding, escaping related requirements); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1961 opened May 16, 2024 by tghosth

update 50.2.1 (v4.0.3-14.4.3) and/or split requirement for content-security-policy
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); next meeting (Filter for leaders); V50 (Group issues related to Web Frontend); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1958 opened May 14, 2024 by elarlang

V11 rework by @jmanico
Labels: 4b Major-rework (These issues need to be part of a full chapter rework); V11; _5.0 - prep (This needs to be addressed to prepare 5.0)
#1953 opened May 7, 2024 by tghosth

Italian Translation
Labels: MAKEFILE; translation; _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#1951 opened May 4, 2024 by ricsirigu

Proposal: the application must belong/covered to the HSTS preload list (probably level 3)
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); Community wanted (We would like feedback from the community to guide our decision otherwise we will progress); next meeting (Filter for leaders); V50 (Group issues related to Web Frontend); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1941 opened Apr 30, 2024 by elarlang

2.3.4 does not seem like registration
Labels: 4b Major-rework (These issues need to be part of a full chapter rework); V2; _5.0 - prep (This needs to be addressed to prepare 5.0)
#1940 opened Apr 29, 2024 by jmanico

Clarify horizontal and vertical access control (4.2.1)
Labels: 4b Major-rework (These issues need to be part of a full chapter rework); V4 (Temporary label for grouping authorization related issues); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1934 opened Apr 18, 2024 by tghosth

V51 OAuth: Consider adding more general OAuth verifications
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 2) Awaiting response (Awaiting a response from the original poster); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1925 opened Apr 15, 2024 by TobiasAhnoff

V51 OAuth: Consider narrowing or expanding the scope for the OAuth2 chapter
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1924 opened Apr 15, 2024 by TobiasAhnoff

encoded sensitive data (such as JWT) should not be logged
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V8; _5.0 - prep (This needs to be addressed to prepare 5.0)
#1919 opened Mar 26, 2024 by elarlang

cleanup V3.5 Token-based Session Management
Labels: Community wanted (We would like feedback from the community to guide our decision otherwise we will progress); V3; WG wanted (We are looking for input from leaders/WG); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1917 opened Mar 26, 2024 by elarlang

Tracking supporters
Labels: _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#1888 opened Mar 13, 2024 by tghosth

lowercase vs uppercase grammar (original: 6.2.1 causes capitalization inconsistency)
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); _5.0 - draft (This should be discussed once a 5.0 draft has been prepared.)
#1875 opened Feb 24, 2024 by alitasdln

Requesting Clarifying Definition in the Business Logic Section Header
Labels: V11; _5.0 - draft (This should be discussed once a 5.0 draft has been prepared.)
#1869 opened Feb 12, 2024 by craig-shony

client should not send longer request headers than server can accept
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V5 (Temporary label for grouping input validation, sanitization, encoding, escaping related requirements); _5.0 - prep (This needs to be addressed to prepare 5.0)
#1867 opened Feb 8, 2024 by elarlang

2.3.1 seems weak
Labels: 4b Major-rework (These issues need to be part of a full chapter rework); 4) proposal for review (Issue contains clear proposal for add/change something); V2; _5.0 - prep (This needs to be addressed to prepare 5.0)
#1861 opened Feb 6, 2024 by jmanico

install-unx.sh intermittent failure
Labels: MAKEFILE; _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#1855 opened Feb 4, 2024 by ike