Skip to content

Issues: OWASP/ASVS

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

97 Open 1,142 Closed
97 Open 1,142 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

V14.2.7 - move to V10 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V14
#2167 opened Oct 20, 2024 by elarlang
Review quirementes 14.2.6 and 14.2.8, potential move to V10 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V14
#2166 opened Oct 20, 2024 by elarlang
3
proposal: merge 14.2.4 and 14.2.5 and move to V1.14 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4) proposal for review Issue contains clear proposal for add/change something next meeting Filter for leaders V1 V14
#2165 opened Oct 20, 2024 by elarlang
OAuth: require Authorization Code Binding to a DPoP Key 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth
#2160 opened Oct 17, 2024 by randomstuff
9
OAuth, Add Requirement about protection against modification of the RAR authorization_details parameter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth
#2151 opened Oct 15, 2024 by randomstuff
5
Add requirement about segmentation of SSO identities V2
#2150 opened Oct 15, 2024 by randomstuff
2
Challenge to ASVS Item 10.2.3: Scope and Consistency Concerns 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V10 _5.0 - prep This needs to be addressed to prepare 5.0
#2145 opened Oct 15, 2024 by ImanSharaf
6
clarification for V4.1 and V4.2 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2139 opened Oct 12, 2024 by elarlang
5
V1 - cleanup from implementation requirements 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet josh/elar V1 _5.0 - prep This needs to be addressed to prepare 5.0
#2137 opened Oct 10, 2024 by elarlang
5 of 13 tasks
@tghosth @elarlang
1
split from 2.2.1 - disallow account lockout 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Community wanted We would like feedback from the community to guide our decision otherwise we will progress V2 _5.0 - prep This needs to be addressed to prepare 5.0
#2134 opened Oct 9, 2024 by elarlang
2
2.10.4 and 6.4.1 seem like duplicates 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V2 V6 V14 _5.0 - prep This needs to be addressed to prepare 5.0
#2130 opened Oct 8, 2024 by tghosth
@tghosth
8
V51 OAuth: discuss verification of the user consent 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2120 opened Sep 26, 2024 by randomstuff
@randomstuff
17
3.3.2 - Update to correspond to NIST SP 800-63B revision 4 draft 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 6) PR awaiting review V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2113 opened Sep 25, 2024 by ryarmst
@ryarmst @elarlang
14
v3.2.1 identifier rotating for a stateless mechanism 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 Will be closed if no response/opposite arguments _5.0 - prep This needs to be addressed to prepare 5.0
#2112 opened Sep 24, 2024 by tghosth
7
V51 - OAuth - sender-contrained refresh tokens 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2110 opened Sep 23, 2024 by elarlang
@randomstuff @TobiasAhnoff @elarlang
26
V1.3 Session Management Architecture - Section Text Proposal 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 6) PR awaiting review V1 V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2103 opened Sep 21, 2024 by ryarmst
@ryarmst @elarlang
5
1.3.3 - Handling Session Termination with SSO (Documentation) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V1 V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2102 opened Sep 21, 2024 by ryarmst
6
1.3.2 - Multiple Concurrent Sessions Handling (Documentation) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V1 V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2101 opened Sep 21, 2024 by ryarmst
12
V3 Terminology Addition 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2100 opened Sep 21, 2024 by ryarmst
15
51.2.15 - OAuth - ask to be transaction-specific 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2092 opened Sep 18, 2024 by elarlang
24
4.3.5 - Coverage by access control policies and deny by default otherwise 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2063 opened Sep 4, 2024 by EnigmaRosa
@EnigmaRosa
8
4.1.7 - Real time access control decision making 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2059 opened Sep 4, 2024 by EnigmaRosa
@EnigmaRosa
10
V51 OAuth: Add new OIDC chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2037 opened Aug 31, 2024 by TobiasAhnoff
@TobiasAhnoff @elarlang
3
V51 OAuth: Improve scope definition for new OAuth chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2036 opened Aug 31, 2024 by TobiasAhnoff
@TobiasAhnoff
9
Insert Burp Sequencer Test Cases for Randomness 4b Major-rework These issues need to be part of a full chapter rework V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2024 opened Aug 22, 2024 by cmlh
ProTip! Find all open issues with in progress development work with linked:pr.