Issues: OWASP/ASVS

Issues list

URL Safety 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V5 Temporary label for grouping input validation, sanitization, encoding, escaping related requirements _5.0 - prep This needs to be addressed to prepare 5.0
#1961 opened May 16, 2024 by tghosth
move or merge 8.3.5 to V7 next meeting Filter for leaders V7 Temporary label for grouping logging related issues
#1960 opened May 15, 2024 by elarlang
update 50.2.1 (v4.0.3-14.4.3) and/or split requirement for content-security-policy next meeting Filter for leaders V50 Group issues related to Web Frontend
#1958 opened May 14, 2024 by elarlang
V11 rework by @jmanico 4b Major-rework These issues need to be part of a full chapter rework V11 _5.0 - prep This needs to be addressed to prepare 5.0
#1953 opened May 7, 2024 by tghosth
Italian Translation MAKEFILE translation _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1951 opened May 4, 2024 by ricsirigu
2.3.4 does not seem like registration 4b Major-rework These issues need to be part of a full chapter rework V2 _5.0 - prep This needs to be addressed to prepare 5.0
#1940 opened Apr 29, 2024 by jmanico
Clarify horizontal and vertical access control (4.2.1) 4b Major-rework These issues need to be part of a full chapter rework V4 Temporary label for grouping authorization related issues _5.0 - prep This needs to be addressed to prepare 5.0
#1934 opened Apr 18, 2024 by tghosth
V51 OAuth: Consider adding more general OAuth verifications 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 2) Awaiting response Awaiting a response from the original poster V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#1925 opened Apr 15, 2024 by TobiasAhnoff
V51 OAuth: Consider narrowing or expanding the scope for the OAuth2 chapter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#1924 opened Apr 15, 2024 by TobiasAhnoff
encoded sensitive data (such as JWT) should not be logged 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V8 _5.0 - prep This needs to be addressed to prepare 5.0
#1919 opened Mar 26, 2024 by elarlang
cleanup V3.5 Token-based Session Management Community wanted We would like feedback from the community to guide our decision otherwise we will progress V3 WG wanted We are looking for input from leaders/WG _5.0 - prep This needs to be addressed to prepare 5.0
#1917 opened Mar 26, 2024 by elarlang
oauth related discussions 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet Community needed This issue will not be progressed without community input. Will be closed if stale. Community wanted We would like feedback from the community to guide our decision otherwise we will progress V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#1916 opened Mar 26, 2024 by elarlang
Tracking supporters _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1888 opened Mar 13, 2024 by tghosth
lowercase vs uppercase grammar (original: 6.2.1 causes capitalization inconsistency) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#1875 opened Feb 24, 2024 by alitasdln
Requesting Clarifying Definition in the Business Logic Section Header V11 _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#1869 opened Feb 12, 2024 by craig-shony
client should not send longer request headers than server can accept 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V5 Temporary label for grouping input validation, sanitization, encoding, escaping related requirements _5.0 - prep This needs to be addressed to prepare 5.0
#1867 opened Feb 8, 2024 by elarlang
2.3.1 seems weak 4b Major-rework These issues need to be part of a full chapter rework 4) proposal for review Issue contains clear proposal for add/change something V2 _5.0 - prep This needs to be addressed to prepare 5.0
#1861 opened Feb 6, 2024 by jmanico
install-unx.sh intermittent failure MAKEFILE _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1855 opened Feb 4, 2024 by ike
Most recent artifacts 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet MAKEFILE _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1848 opened Jan 25, 2024 by tghosth
Fingerprinting devices/matching sessions to a device. 4b Major-rework These issues need to be part of a full chapter rework V2 V3 _5.0 - prep This needs to be addressed to prepare 5.0
#1829 opened Jan 18, 2024 by tghosth
Add requirement about usage of claims other than subject and issuer as an identifier for OpenID Connect 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4a) Waiting for another This issue is waiting for another issue to be resolved V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#1826 opened Jan 17, 2024 by jsherm-fwdsec
2.7.6 and 2.7.7 are in conflict 4b Major-rework These issues need to be part of a full chapter rework V2 _5.0 - prep This needs to be addressed to prepare 5.0
#1813 opened Dec 18, 2023 by jmanico
2.7.5 is a security problem and weakness 2) Awaiting response Awaiting a response from the original poster 4b Major-rework These issues need to be part of a full chapter rework V2 _5.0 - prep This needs to be addressed to prepare 5.0
#1812 opened Dec 18, 2023 by jmanico
2.2.2 and 2.7.1 are duplicates 4b Major-rework These issues need to be part of a full chapter rework V2 _5.0 - prep This needs to be addressed to prepare 5.0
#1811 opened Dec 18, 2023 by jmanico
14.4 section (HTTP Security Headers) rename / find better category-section for "content-type" requirements. 2) Awaiting response Awaiting a response from the original poster V14 V50 Group issues related to Web Frontend _5.0 - prep This needs to be addressed to prepare 5.0
#1808 opened Dec 15, 2023 by elarlang