Issues: OWASP/ASVS
Issues list
proposal/discussion: OAuth - disallow using OAuth just for authentication
V51
Group issues related to OAuth
#1966
opened May 19, 2024 by
elarlang
proposal/discussion: OAuth - separate requirement for redirect_uri string-match registration and handling
V51
Group issues related to OAuth
#1965
opened May 19, 2024 by
elarlang
proposal/discussion: OAuth - (for 1st party usage) only used (by the client) communication options must be allowed by authorization server
V51
Group issues related to OAuth
#1964
opened May 19, 2024 by
elarlang
proposal/discussion: OAuth - disallow web application to be OAuth public client (and to have direct communication with OAuth token endpoint)
V51
Group issues related to OAuth
#1963
opened May 19, 2024 by
elarlang
URL Safety
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#1961
opened May 16, 2024 by
tghosth
update 50.2.1 (v4.0.3-14.4.3) and/or split requirement for content-security-policy
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
next meeting
Filter for leaders
V50
Group issues related to Web Frontend
_5.0 - prep
This needs to be addressed to prepare 5.0
#1958
opened May 14, 2024 by
elarlang
V11 rework by @jmanico
4b Major-rework
These issues need to be part of a full chapter rework
V11
_5.0 - prep
This needs to be addressed to prepare 5.0
#1953
opened May 7, 2024 by
tghosth
Italian Translation
MAKEFILE
translation
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1951
opened May 4, 2024 by
ricsirigu
Proposal: the application must belong/covered to the HSTS preload list (probably level 3)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Community wanted
We would like feedback from the community to guide our decision otherwise we will progress
next meeting
Filter for leaders
V50
Group issues related to Web Frontend
_5.0 - prep
This needs to be addressed to prepare 5.0
#1941
opened Apr 30, 2024 by
elarlang
2.3.4 does not seem like registration
4b Major-rework
These issues need to be part of a full chapter rework
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1940
opened Apr 29, 2024 by
jmanico
Clarify horizontal and vertical access control (4.2.1)
4b Major-rework
These issues need to be part of a full chapter rework
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
#1934
opened Apr 18, 2024 by
tghosth
V51 OAuth: Consider adding more general OAuth verifications
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
2) Awaiting response
Awaiting a response from the original poster
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1925
opened Apr 15, 2024 by
TobiasAhnoff
V51 OAuth: Consider narrowing or expanding the scope for the OAuth2 chapter
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1924
opened Apr 15, 2024 by
TobiasAhnoff
encoded sensitive data (such as JWT) should not be logged
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V8
_5.0 - prep
This needs to be addressed to prepare 5.0
#1919
opened Mar 26, 2024 by
elarlang
cleanup V3.5 Token-based Session Management
Community wanted
We would like feedback from the community to guide our decision otherwise we will progress
V3
WG wanted
We are looking for input from leaders/WG
_5.0 - prep
This needs to be addressed to prepare 5.0
#1917
opened Mar 26, 2024 by
elarlang
Tracking supporters
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1888
opened Mar 13, 2024 by
tghosth
lowercase vs uppercase grammar (original: 6.2.1 causes capitalization inconsistency)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
_5.0 - draft
This should be discussed once a 5.0 draft has been prepared.
#1875
opened Feb 24, 2024 by
alitasdln
Requesting Clarifying Definition in the Business Logic Section Header
V11
_5.0 - draft
This should be discussed once a 5.0 draft has been prepared.
#1869
opened Feb 12, 2024 by
craig-shony
client should not send longer request headers than server can accept
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#1867
opened Feb 8, 2024 by
elarlang
2.3.1 seems weak
4b Major-rework
These issues need to be part of a full chapter rework
4) proposal for review
Issue contains clear proposal for add/change something
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1861
opened Feb 6, 2024 by
jmanico
install-unx.sh
intermittent failure
MAKEFILE
_5.0 - Not blocker
#1855
opened Feb 4, 2024 by
ike
Most recent artifacts
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
MAKEFILE
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1848
opened Jan 25, 2024 by
tghosth
Fingerprinting devices/matching sessions to a device.
4b Major-rework
These issues need to be part of a full chapter rework
V2
V3
_5.0 - prep
This needs to be addressed to prepare 5.0
#1829
opened Jan 18, 2024 by
tghosth
Add requirement about usage of claims other than subject and issuer as an identifier for OpenID Connect
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
4a) Waiting for another
This issue is waiting for another issue to be resolved
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1826
opened Jan 17, 2024 by
jsherm-fwdsec
2.7.6 and 2.7.7 are in conflict
4b Major-rework
These issues need to be part of a full chapter rework
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1813
opened Dec 18, 2023 by
jmanico