Issues: OWASP/ASVS

Issues list

Is 14.1.1 in scope for ASVS? 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V14 _5.0 - prep This needs to be addressed to prepare 5.0
#2084 opened Sep 15, 2024 by tghosth
deduplicate or merge 14.6.2 and 1.14.7 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V14 _5.0 - prep This needs to be addressed to prepare 5.0
#2082 opened Sep 15, 2024 by elarlang
1.3.1 - Session Controls Documentation 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V1 V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2076 opened Sep 13, 2024 by ryarmst
move configuration related requirements from V1 to V14.6 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V1 V14 _5.0 - prep This needs to be addressed to prepare 5.0
#2072 opened Sep 12, 2024 by elarlang
V51 OAuth client CSRF protection for token request 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 6) PR awaiting review V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2068 opened Sep 10, 2024 by elarlang
1.4.7 - Access Control Documentation 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V1 V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2065 opened Sep 4, 2024 by EnigmaRosa
4.3.5 - Coverage by access control policies and deny by default otherwise 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2063 opened Sep 4, 2024 by EnigmaRosa
4.3.4 - Contextual attributes for access decisions 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2062 opened Sep 4, 2024 by EnigmaRosa
4.2.4 - Originating component permissions 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2061 opened Sep 4, 2024 by EnigmaRosa
4.1.7 - Real time access control decision making 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2059 opened Sep 4, 2024 by EnigmaRosa
V51 OAuth: Add new OIDC Client verifications 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2048 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add new OIDC Authorization Server verifications 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 2) Awaiting response Awaiting a response from the original poster V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2047 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add resource server verifications (modify 51.3.1) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 2) Awaiting response Awaiting a response from the original poster V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2045 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add client verifications 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 2) Awaiting response Awaiting a response from the original poster V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2044 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add verifications for Authorization Server client configuration 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2043 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add verification for PAR 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2042 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add code and PKCE related verifications 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4) proposal for review Issue contains clear proposal for add/change something V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2041 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add refresh token verifications 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2040 opened Aug 31, 2024 by TobiasAhnoff
proposal: add/merge OIDC requirements into OAuth2 paragraph (instead of separate OIDC paragraph) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2039 opened Aug 31, 2024 by elarlang
V51 OAuth: Add OAuth verifications for token management 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4) proposal for review Issue contains clear proposal for add/change something V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2038 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Add new OIDC chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2037 opened Aug 31, 2024 by TobiasAhnoff
V51 OAuth: Improve scope definition for new OAuth chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2036 opened Aug 31, 2024 by TobiasAhnoff
Insert Burp Sequencer Test Cases for Randomness 4b Major-rework These issues need to be part of a full chapter rework V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2024 opened Aug 22, 2024 by cmlh
Set Account Lockout ASVS Levels 1-3 Aligned to NIST, PCI-DSS, CIS et al 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V2 _5.0 - prep This needs to be addressed to prepare 5.0
#2011 opened Aug 11, 2024 by cmlh