Issues: OWASP/ASVS
Issues list
URL Safety
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#1961
opened May 16, 2024 by
tghosth
move or merge 8.3.5 to V7
next meeting
Filter for leaders
V7
Temporary label for grouping logging related issues
#1960
opened May 15, 2024 by
elarlang
update 50.2.1 (v4.0.3-14.4.3) and/or split requirement for content-security-policy
next meeting
Filter for leaders
V50
Group issues related to Web Frontend
#1958
opened May 14, 2024 by
elarlang
V11 rework by @jmanico
4b Major-rework
These issues need to be part of a full chapter rework
V11
_5.0 - prep
This needs to be addressed to prepare 5.0
#1953
opened May 7, 2024 by
tghosth
Italian Translation
MAKEFILE
translation
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1951
opened May 4, 2024 by
ricsirigu
2.3.4 does not seem like registration
4b Major-rework
These issues need to be part of a full chapter rework
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1940
opened Apr 29, 2024 by
jmanico
Clarify horizontal and vertical access control (4.2.1)
4b Major-rework
These issues need to be part of a full chapter rework
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
#1934
opened Apr 18, 2024 by
tghosth
V51 OAuth: Consider adding more general OAuth verifications
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
2) Awaiting response
Awaiting a response from the original poster
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1925
opened Apr 15, 2024 by
TobiasAhnoff
V51 OAuth: Consider narrowing or expanding the scope for the OAuth2 chapter
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1924
opened Apr 15, 2024 by
TobiasAhnoff
encoded sensitive data (such as JWT) should not be logged
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V8
_5.0 - prep
This needs to be addressed to prepare 5.0
#1919
opened Mar 26, 2024 by
elarlang
cleanup V3.5 Token-based Session Management
Community wanted
We would like feedback from the community to guide our decision otherwise we will progress
V3
WG wanted
We are looking for input from leaders/WG
_5.0 - prep
This needs to be addressed to prepare 5.0
#1917
opened Mar 26, 2024 by
elarlang
oauth related discussions
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Community needed
This issue will not be progressed without community input. Will be closed if stale.
Community wanted
We would like feedback from the community to guide our decision otherwise we will progress
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1916
opened Mar 26, 2024 by
elarlang
Tracking supporters
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1888
opened Mar 13, 2024 by
tghosth
lowercase vs uppercase grammar (original: 6.2.1 causes capitalization inconsistency)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
_5.0 - draft
This should be discussed once a 5.0 draft has been prepared.
#1875
opened Feb 24, 2024 by
alitasdln
Requesting Clarifying Definition in the Business Logic Section Header
V11
_5.0 - draft
This should be discussed once a 5.0 draft has been prepared.
#1869
opened Feb 12, 2024 by
craig-shony
client should not send longer request headers than server can accept
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#1867
opened Feb 8, 2024 by
elarlang
2.3.1 seems weak
4b Major-rework
These issues need to be part of a full chapter rework
4) proposal for review
Issue contains clear proposal for add/change something
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1861
opened Feb 6, 2024 by
jmanico
install-unx.sh
intermittent failure
MAKEFILE
_5.0 - Not blocker
#1855
opened Feb 4, 2024 by
ike
Most recent artifacts
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
MAKEFILE
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1848
opened Jan 25, 2024 by
tghosth
Fingerprinting devices/matching sessions to a device.
4b Major-rework
These issues need to be part of a full chapter rework
V2
V3
_5.0 - prep
This needs to be addressed to prepare 5.0
#1829
opened Jan 18, 2024 by
tghosth
Add requirement about usage of claims other than subject and issuer as an identifier for OpenID Connect
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
4a) Waiting for another
This issue is waiting for another issue to be resolved
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1826
opened Jan 17, 2024 by
jsherm-fwdsec
2.7.6 and 2.7.7 are in conflict
4b Major-rework
These issues need to be part of a full chapter rework
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1813
opened Dec 18, 2023 by
jmanico
2.7.5 is a security problem and weakness
2) Awaiting response
Awaiting a response from the original poster
4b Major-rework
These issues need to be part of a full chapter rework
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1812
opened Dec 18, 2023 by
jmanico
2.2.2 and 2.7.1 are duplicates
4b Major-rework
These issues need to be part of a full chapter rework
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1811
opened Dec 18, 2023 by
jmanico
14.4 section (HTTP Security Headers) rename / find better category-section for "content-type" requirements.
2) Awaiting response
Awaiting a response from the original poster
V14
V50
Group issues related to Web Frontend
_5.0 - prep
This needs to be addressed to prepare 5.0
#1808
opened Dec 15, 2023 by
elarlang