Issues: OWASP/ASVS
V51, Verify usage of the "iss" parameter in by the authorization server
V51
Group issues related to OAuth
#2095
opened Sep 19, 2024 by
randomstuff
51.2.2 - what is the purpose for the requirement?
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
2) Awaiting response
Awaiting a response from the original poster
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2092
opened Sep 18, 2024 by
elarlang
51.2.1 OAuth authorization code - prevent replay and limit the lifetime
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2090
opened Sep 18, 2024 by
elarlang
Are parts of 14.2.x section out of scope for ASVS?
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V14
_5.0 - prep
This needs to be addressed to prepare 5.0
#2088
opened Sep 17, 2024 by
tghosth
Is 14.1.1 in scope for ASVS?
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V14
_5.0 - prep
This needs to be addressed to prepare 5.0
#2084
opened Sep 15, 2024 by
tghosth
1.3.1 - Session Controls Documentation
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V1
V3
_5.0 - prep
This needs to be addressed to prepare 5.0
#2076
opened Sep 13, 2024 by
ryarmst
move configuration related requirements from V1 to V14.6
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V1
V14
_5.0 - prep
This needs to be addressed to prepare 5.0
#2072
opened Sep 12, 2024 by
elarlang
1.4.7 - Access Control Documentation
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V1
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
#2065
opened Sep 4, 2024 by
EnigmaRosa
4.3.5 - Coverage by access control policies and deny by default otherwise
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
#2063
opened Sep 4, 2024 by
EnigmaRosa
4.2.4 - Originating component permissions
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
#2061
opened Sep 4, 2024 by
EnigmaRosa
4.1.7 - Real time access control decision making
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
#2059
opened Sep 4, 2024 by
EnigmaRosa
V51 OAuth: Add new OIDC Authorization Server verifications
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
2) Awaiting response
Awaiting a response from the original poster
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2047
opened Aug 31, 2024 by
TobiasAhnoff
V51 OAuth: Add resource server verifications (modify 51.3.1)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
2) Awaiting response
Awaiting a response from the original poster
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2045
opened Aug 31, 2024 by
TobiasAhnoff
V51 OAuth: Add client verifications
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
2) Awaiting response
Awaiting a response from the original poster
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2044
opened Aug 31, 2024 by
TobiasAhnoff
V51 OAuth: Add verifications for Authorization Server client configuration
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
4) proposal for review
Issue contains clear proposal for add/change something
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2043
opened Aug 31, 2024 by
TobiasAhnoff
V51 OAuth: Add verification for PAR
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2042
opened Aug 31, 2024 by
TobiasAhnoff
V51 OAuth: Add code and PKCE related verifications
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2041
opened Aug 31, 2024 by
TobiasAhnoff
V51 OAuth: Add refresh token verifications
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2040
opened Aug 31, 2024 by
TobiasAhnoff
proposal: add/merge OIDC requirements into OAuth2 paragraph (instead of separate OIDC paragraph)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2039
opened Aug 31, 2024 by
elarlang
V51 OAuth: Add OAuth verifications for token management
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2038
opened Aug 31, 2024 by
TobiasAhnoff
V51 OAuth: Add new OIDC chapter
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2037
opened Aug 31, 2024 by
TobiasAhnoff
V51 OAuth: Improve scope definition for new OAuth chapter
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2036
opened Aug 31, 2024 by
TobiasAhnoff
Insert Burp Sequencer Test Cases for Randomness
4b Major-rework
These issues need to be part of a full chapter rework
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2024
opened Aug 22, 2024 by
cmlh
Set Account Lockout ASVS Levels 1-3 Aligned to NIST, PCI-DSS, CIS et al
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V2
_5.0 - prep
This needs to be addressed to prepare 5.0
#2011
opened Aug 11, 2024 by
cmlh
Proposal/discussion: OIDC requirement about ID token only being used to prove that the user has been authenticated (edit: a general requirement for allowing only intended usage for tokens)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V51
Group issues related to OAuth
Will be closed if no response/opposite arguments
_5.0 - prep
This needs to be addressed to prepare 5.0
#2005
opened Jul 27, 2024 by
deleterepo