Skip to content

Issues: OWASP/ASVS

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

94 Open 1,155 Closed
94 Open 1,155 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

V4.1.3 - split principle and verifiable parts V4 Temporary label for grouping authorization related issues
#2196 opened Oct 25, 2024 by elarlang
1
V4 principles coverage V4 Temporary label for grouping authorization related issues
#2195 opened Oct 25, 2024 by elarlang
3
V51 - OAuth - DPoP proof replay attack protection 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2188 opened Oct 23, 2024 by randomstuff
3
3.5.4 - token time-window validation 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4) proposal for review Issue contains clear proposal for add/change something V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2185 opened Oct 23, 2024 by elarlang
3
3.5.3 update (stateless token signature or mac) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 2) Awaiting response Awaiting a response from the original poster V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2184 opened Oct 23, 2024 by elarlang
1
@randomstuff
4
review V51.4.3 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2183 opened Oct 22, 2024 by elarlang
review V51.4.2 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2182 opened Oct 22, 2024 by elarlang
3
review V51.3.3 and V51.3.4 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2181 opened Oct 22, 2024 by elarlang
1
3.3.5 - Update to correspond updated 3.3.2 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4) proposal for review Issue contains clear proposal for add/change something 5) awaiting PR A proposal hs been accepted and reviewed and we are now waiting for a PR V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2172 opened Oct 22, 2024 by ryarmst
@ryarmst
1
Review requirementes 14.2.6 and 14.2.8, potential move to V10 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V14 _5.0 - prep This needs to be addressed to prepare 5.0
#2166 opened Oct 20, 2024 by elarlang
28
OAuth: require Authorization Code Binding to a DPoP Key 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2160 opened Oct 17, 2024 by randomstuff
9
OAuth, Add Requirement about protection against modification of the RAR authorization_details parameter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2151 opened Oct 15, 2024 by randomstuff
6
Add requirement about segmentation of SSO identities 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V2 _5.0 - prep This needs to be addressed to prepare 5.0
#2150 opened Oct 15, 2024 by randomstuff
2
Challenge to ASVS Item 10.2.3: Scope and Consistency Concerns 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V10 _5.0 - prep This needs to be addressed to prepare 5.0
#2145 opened Oct 15, 2024 by ImanSharaf
6
clarification for V4.1 and V4.2 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2139 opened Oct 12, 2024 by elarlang
7
V1 - cleanup from implementation requirements 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet josh/elar V1 _5.0 - prep This needs to be addressed to prepare 5.0
#2137 opened Oct 10, 2024 by elarlang
7 of 13 tasks
@tghosth @elarlang
1
split from 2.2.1 - disallow account lockout 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Community wanted We would like feedback from the community to guide our decision otherwise we will progress V2 _5.0 - prep This needs to be addressed to prepare 5.0
#2134 opened Oct 9, 2024 by elarlang
@elarlang
3
2.10.4 and 6.4.1 seem like duplicates 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V2 V6 V14 _5.0 - prep This needs to be addressed to prepare 5.0
#2130 opened Oct 8, 2024 by tghosth
@tghosth
12
V51 OAuth: discuss verification of the user consent 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2120 opened Sep 26, 2024 by randomstuff
@randomstuff
17
1.3.3 - Handling Session Termination with SSO (Documentation) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V1 V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2102 opened Sep 21, 2024 by ryarmst
7
V3 Terminology Addition 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2100 opened Sep 21, 2024 by ryarmst
@tghosth @ryarmst
20
4.3.5 - Coverage by access control policies and deny by default otherwise 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2063 opened Sep 4, 2024 by EnigmaRosa
@EnigmaRosa
17
4.1.7 - Real time access control decision making 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2059 opened Sep 4, 2024 by EnigmaRosa
@EnigmaRosa
17
V51 OAuth: Add new OIDC chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2037 opened Aug 31, 2024 by TobiasAhnoff
@TobiasAhnoff @elarlang
3
V51 OAuth: Improve scope definition for new OAuth chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2036 opened Aug 31, 2024 by TobiasAhnoff
@TobiasAhnoff
9
ProTip! Type g i on any issue or pull request to go back to the issue listing page.