Issues: OWASP/ASVS

Issues list

Remaining reqs in section 5.1 seem like they don't belong.
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V5 (Temporary label for grouping input validation, sanitization, encoding, escaping related requirements); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2487 opened Dec 26, 2024 by tghosth

Update Levels doc after input validation rework in #2476
Labels: 4a) Waiting for another (This issue is waiting for another issue to be resolved); V5 (Temporary label for grouping input validation, sanitization, encoding, escaping related requirements); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2486 opened Dec 26, 2024 by tghosth

6.2.9 and CCM-8
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V6; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2485 opened Dec 22, 2024 by randomstuff

Clarify CSRF requirement 50.4.1
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V50 (Group issues related to Web Frontend); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2481 opened Dec 18, 2024 by tghosth

Should format string and memory safety reqs be Level 1?
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); requirement level (Issue related to requirement levels); V5 (Temporary label for grouping input validation, sanitization, encoding, escaping related requirements); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2478 opened Dec 17, 2024 by tghosth

Should Cryptography reqs be Level 1
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); requirement level (Issue related to requirement levels); V6; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2477 opened Dec 17, 2024 by tghosth

Should Input Validation be Level 1
Labels: 5) awaiting PR (A proposal has been accepted and reviewed and we are now waiting for a PR); requirement level (Issue related to requirement levels); V5 (Temporary label for grouping input validation, sanitization, encoding, escaping related requirements); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2476 opened Dec 17, 2024 by tghosth

"2.5.6 Verify forgotten password" / MFA issue
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V2; _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#2475 opened Dec 17, 2024 by jackgates73

Clarify reasoning behind 13.2.5
Labels: 4a) Waiting for another (This issue is waiting for another issue to be resolved); V13; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2472 opened Dec 16, 2024 by tghosth

clarify 50.6.2
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 6) PR awaiting review; V50 (Group issues related to Web Frontend); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2468 opened Dec 15, 2024 by elarlang

10.6.1 (previously 14.2.1) needs to be clarified to make the goal and standard to achieve clearer.
Labels: 4) proposal for review (Issue contains clear proposal for add/change something); V10; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2467 opened Dec 15, 2024 by tghosth

V2.9.1 Cryptographic authentication mechanism, protection against disclosure is not relevant
Labels: 4) proposal for review (Issue contains clear proposal for add/change something); V2; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2463 opened Dec 14, 2024 by randomstuff

Rewording 2.8.8 (time-based multi-factor OTP token)
Labels: 2) Awaiting response (Awaiting a response from the original poster); V2; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2462 opened Dec 14, 2024 by randomstuff

Informative list of tasks and dependencies related to mapping and requirement (re)numbering
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); next meeting (Filter for leaders); _5.0 - draft (This should be discussed once a 5.0 draft has been prepared.)
#2456 opened Dec 12, 2024 by elarlang
12 tasks

Crypto appendix - what about SHA-512/224?
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); AppendixV (Appendix with crypto details); _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#2448 opened Dec 9, 2024 by randomstuff

Crypto appendix, simplify introduction
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); AppendixV (Appendix with crypto details); _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#2447 opened Dec 9, 2024 by randomstuff

Crypto Appendix - Fix table of approved hash functions
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); AppendixV (Appendix with crypto details); _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#2446 opened Dec 9, 2024 by randomstuff

V3 chapter and section texts
Labels: 6) PR awaiting review; V3; _5.0 - prep (This needs to be addressed to prepare 5.0)
#2442 opened Dec 6, 2024 by elarlang

V51 - Requirements for dynamic client registration
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); V51 (Group issues related to OAuth); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2427 opened Dec 1, 2024 by randomstuff

new requirement - cookie partitioned attribute
Labels: 3) awaiting proposal (There is some discussion in issue and reach to some results but it's not concluded with clear propos); V50 (Group issues related to Web Frontend); _5.0 - prep (This needs to be addressed to prepare 5.0)
#2423 opened Nov 29, 2024 by elarlang

Don't redirect to HTTPS for API
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); 3) awaiting proposal (There is some discussion in issue and reach to some results but it's not concluded with clear propos); V13; _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#2416 opened Nov 27, 2024 by Sjord

Crypto Appendix - Restrictions on CCM8
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); AppendixV (Appendix with crypto details); _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#2413 opened Nov 25, 2024 by randomstuff

V53 Cryptographic requirements for WebRTC
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); v53; _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#2412 opened Nov 25, 2024 by randomstuff

Site isolation
Labels: 2) Awaiting response (Awaiting a response from the original poster); V50 (Group issues related to Web Frontend); _5.0 - Not blocker (This issue does not block 5.0 so if it gets addressed then great, if not then fine.)
#2409 opened Nov 25, 2024 by Sjord