Skip to content

Issues: OWASP/ASVS

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

53 Open 1,271 Closed
53 Open 1,271 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

V1.6 cleanup from non-documentation requirements V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2376 opened Nov 14, 2024 by elarlang
@danielcuthbert
2
V6 - "Stored cryptography" vs "cryptography" 4) proposal for review Issue contains clear proposal for add/change something 5) awaiting PR A proposal hs been accepted and reviewed and we are now waiting for a PR V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2375 opened Nov 13, 2024 by randomstuff
3
Crypto appendix - give alias names for groups V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2374 opened Nov 13, 2024 by randomstuff
Add access token requirement for intented scope V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2363 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff
5
Add access token requirement for preventing "key confusion" V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2361 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff @ryarmst @elarlang
3
Add access token requirement for strong alg and "None" 2) Awaiting response Awaiting a response from the original poster V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2360 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff
4
V6 Cryptography - requirement for Encrypted Client Hello (ECH) 4) proposal for review Issue contains clear proposal for add/change something V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2358 opened Nov 8, 2024 by danielcuthbert
@danielcuthbert
13
Link new requirements to CREs 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2334 opened Nov 7, 2024 by cronchie
1
V3 - Update section text for V3.6 and/or corresponding security decision 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2321 opened Nov 7, 2024 by ryarmst
Support Cryptographic Right Answers Post Quantum Edition (2024) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet enhancement V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2315 opened Nov 7, 2024 by randomstuff
@danielcuthbert
7
Expand the Cryptography Appendix for MAC, signatures, key derivation functions 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details enhancement _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2314 opened Nov 7, 2024 by randomstuff
@danielcuthbert
4
V6 - Proper/safe MAC usage (in contrast to digital signatures) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2310 opened Nov 6, 2024 by randomstuff
@danielcuthbert
1
V6 Verify that (TLS) certificates are validated 5) awaiting PR A proposal hs been accepted and reviewed and we are now waiting for a PR V9 _5.0 - prep This needs to be addressed to prepare 5.0
#2309 opened Nov 6, 2024 by randomstuff
@danielcuthbert
14
V7 Add transient error handling 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders V7 Temporary label for grouping logging related issues _5.0 - prep This needs to be addressed to prepare 5.0
#2281 opened Nov 6, 2024 by cronchie
@cronchie @elarlang
5
V6 Cryptography - Perfect Forward Secrecy 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2252 opened Nov 5, 2024 by danielcuthbert
@danielcuthbert
9
V6 Cryptography - Key wrapping explanation 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2246 opened Nov 5, 2024 by danielcuthbert
@danielcuthbert
6
V6 Cryptography - New ciphers and context around usage 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2244 opened Nov 5, 2024 by danielcuthbert
@danielcuthbert
1
V6 - Requirement mitigating against rerouting/Selfie attacks in when using TLS PSK authentication with group membership 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2216 opened Nov 2, 2024 by randomstuff
2
V6 - Discuss forward secrecy 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2215 opened Nov 2, 2024 by randomstuff
6
Handle Glossary _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2201 opened Oct 28, 2024 by tghosth
@ryarmst
1
review V51.4.3 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 4) proposal for review Issue contains clear proposal for add/change something V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2183 opened Oct 22, 2024 by elarlang
@randomstuff @TobiasAhnoff @elarlang
13
OAuth, Add Requirement about protection against modification of the RAR authorization_details parameter 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2151 opened Oct 15, 2024 by randomstuff
@randomstuff @TobiasAhnoff @elarlang
13
2.10.4 and 6.4.1 seem like duplicates 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 V14 _5.0 - prep This needs to be addressed to prepare 5.0
#2130 opened Oct 8, 2024 by tghosth
@tghosth
21
V51 OAuth: discuss verification of the user consent 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V8 V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2120 opened Sep 26, 2024 by randomstuff
@randomstuff @elarlang
38
V51 revokation for OAuth tokens 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2111 opened Sep 23, 2024 by elarlang
@randomstuff @TobiasAhnoff @elarlang
13
ProTip! What’s not been updated in a month: updated:<2024-10-15.