Issues: OWASP/ASVS


V51 OAuth: discuss verification of the user consent
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2120 opened Sep 26, 2024 by randomstuff
Deduplicate SSRF requirements
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 5) awaiting PR (A proposal has been accepted and reviewed and we are now waiting for a PR); V5 (Temporary label for grouping input validation, sanitization, encoding, escaping related requirements); V12; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2115 opened Sep 25, 2024 by tghosth
3.3.2 - Update to correspond to NIST SP 800-63B revision 4 draft
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V3; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2113 opened Sep 25, 2024 by ryarmst
v3.2.1 identifier rotating for a stateless mechanism
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V3; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2112 opened Sep 24, 2024 by tghosth
V51 revocation for OAuth tokens
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2111 opened Sep 23, 2024 by elarlang
V1.3 Session Management Architecture - Section Text Proposal
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V1; V3; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2103 opened Sep 21, 2024 by ryarmst
1.3.3 - Handling Session Termination with SSO (Documentation)
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V1; V3; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2102 opened Sep 21, 2024 by ryarmst
1.3.2 - Multiple Concurrent Sessions Handling (Documentation)
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V1; V3; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2101 opened Sep 21, 2024 by ryarmst
V3 Terminology Addition
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); next meeting (Filter for leaders); V3; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2100 opened Sep 21, 2024 by ryarmst
V51, Verify usage of the "iss" parameter in by the authorization server
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2095 opened Sep 19, 2024 by randomstuff
51.2.2 - what is the purpose for the requirement?
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2092 opened Sep 18, 2024 by elarlang
51.2.1 OAuth authorization code - prevent replay and limit the lifetime
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2090 opened Sep 18, 2024 by elarlang
Are parts of 14.2.x section out of scope for ASVS?
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V14; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2088 opened Sep 17, 2024 by tghosth
1.3.1 - Session Controls Documentation
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 4a) Waiting for another (This issue is waiting for another issue to be resolved); V1; V3; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2076 opened Sep 13, 2024 by ryarmst
move configuration related requirements from V1 to V14.6
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 5) awaiting PR (A proposal has been accepted and reviewed and we are now waiting for a PR); V1; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2072 opened Sep 12, 2024 by elarlang
4.3.5 - Coverage by access control policies and deny by default otherwise
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V4 (Temporary label for grouping authorization related issues); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2063 opened Sep 4, 2024 by EnigmaRosa
4.2.4 - Originating component permissions
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V4 (Temporary label for grouping authorization related issues); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2061 opened Sep 4, 2024 by EnigmaRosa
4.1.7 - Real time access control decision making
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V4 (Temporary label for grouping authorization related issues); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2059 opened Sep 4, 2024 by EnigmaRosa
V51 OAuth: Add resource server verifications (modify 51.4.1)
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 2) Awaiting response (Awaiting a response from the original poster); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2045 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add verifications for Authorization Server client configuration
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 4) proposal for review (Issue contains clear proposal for add/change something); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2043 opened Aug 31, 2024 by TobiasAhnoff
proposal: add/merge OIDC requirements into OAuth2 paragraph (instead of separate OIDC paragraph)
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2039 opened Aug 31, 2024 by elarlang
V51 OAuth: Add OAuth verifications for token management
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 5) awaiting PR (A proposal has been accepted and reviewed and we are now waiting for a PR); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2038 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add new OIDC chapter
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2037 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Improve scope definition for new OAuth chapter
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2036 opened Aug 31, 2024 by TobiasAhnoff
Insert Burp Sequencer Test Cases for Randomness
Labels: 4b Major-rework (These issues need to be part of a full chapter rework); V6; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2024 opened Aug 22, 2024 by cmlh