Issues: OWASP/ASVS
4.3.1 and 4.3.3
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
#1974
opened May 27, 2024 by
EnigmaRosa
discussion OAuth/OIDC: accepted flows and grants
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Community needed
This issue will not be progressed without community input. Will be closed if stale.
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1970
opened May 22, 2024 by
elarlang
V51: Additional OAuth/OIDC proposals
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1969
opened May 22, 2024 by
deleterepo
proposal/discussion: OAuth: requirement for refresh_token lifetime
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1968
opened May 21, 2024 by
elarlang
proposal/discussion: JWT - 3.5.6 add "type", and rephrase it to describe the goal
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1967
opened May 21, 2024 by
elarlang
discussion: OAuth - using OAuth just for authentication
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Community needed
This issue will not be progressed without community input. Will be closed if stale.
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1966
opened May 19, 2024 by
elarlang
proposal/discussion: OAuth - separate requirement for redirect_uri string-match registration and handling
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1965
opened May 19, 2024 by
elarlang
proposal/discussion: OAuth - (for 1st party usage) only used (by the client) communication options must be allowed by authorization server
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1964
opened May 19, 2024 by
elarlang
proposal/discussion: OAuth - disallow web application to be OAuth public client (and to have direct communication with OAuth token endpoint)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1963
opened May 19, 2024 by
elarlang
URL Safety
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#1961
opened May 16, 2024 by
tghosth
update 50.2.1 (v4.0.3-14.4.3) and/or split requirement for content-security-policy
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
next meeting
Filter for leaders
V50
Group issues related to Web Frontend
_5.0 - prep
This needs to be addressed to prepare 5.0
#1958
opened May 14, 2024 by
elarlang
Italian Translation
MAKEFILE
translation
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1951
opened May 4, 2024 by
ricsirigu
Proposal: the application must belong/covered to the HSTS preload list (probably level 3)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Community wanted
We would like feedback from the community to guide our decision otherwise we will progress
next meeting
Filter for leaders
V50
Group issues related to Web Frontend
_5.0 - prep
This needs to be addressed to prepare 5.0
#1941
opened Apr 30, 2024 by
elarlang
2.3.4 does not seem like registration
4b Major-rework
These issues need to be part of a full chapter rework
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1940
opened Apr 29, 2024 by
jmanico
Clarify horizontal and vertical access control (4.2.1)
4b Major-rework
These issues need to be part of a full chapter rework
next meeting
Filter for leaders
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
#1934
opened Apr 18, 2024 by
tghosth
V51 OAuth: Consider adding more general OAuth verifications
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
2) Awaiting response
Awaiting a response from the original poster
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1925
opened Apr 15, 2024 by
TobiasAhnoff
V51 OAuth: Consider narrowing or expanding the scope for the OAuth2 chapter
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#1924
opened Apr 15, 2024 by
TobiasAhnoff
encoded sensitive data (such as JWT) should not be logged
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V8
_5.0 - prep
This needs to be addressed to prepare 5.0
#1919
opened Mar 26, 2024 by
elarlang
cleanup V3.5 Token-based Session Management
Community wanted
We would like feedback from the community to guide our decision otherwise we will progress
V3
WG wanted
We are looking for input from leaders/WG
_5.0 - prep
This needs to be addressed to prepare 5.0
#1917
opened Mar 26, 2024 by
elarlang
Tracking supporters
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1888
opened Mar 13, 2024 by
tghosth
lowercase vs uppercase grammar (original: 6.2.1 causes capitalization inconsistency)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
_5.0 - draft
This should be discussed once a 5.0 draft has been prepared.
#1875
opened Feb 24, 2024 by
alitasdln
Requesting Clarifying Definition in the Business Logic Section Header
V11
_5.0 - draft
This should be discussed once a 5.0 draft has been prepared.
#1869
opened Feb 12, 2024 by
craig-shony
client should not send longer request headers than server can accept
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#1867
opened Feb 8, 2024 by
elarlang
2.3.1 seems weak
4b Major-rework
These issues need to be part of a full chapter rework
4) proposal for review
Issue contains clear proposal for add/change something
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#1861
opened Feb 6, 2024 by
jmanico
install-unx.sh
intermittent failure
MAKEFILE
_5.0 - Not blocker
#1855
opened Feb 4, 2024 by
ike