Skip to content

Issues: OWASP/ASVS

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

61 Open 1,356 Closed
61 Open 1,356 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Level to numeric field
#2560 opened Jan 30, 2025 by elarlang
3
Clarify auth code requirements in V50.4 4) proposal for review Issue contains clear proposal for add/change something V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2558 opened Jan 30, 2025 by tghosth
1
2
ASVS v5.0 release checklist - rough workings _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2555 opened Jan 29, 2025 by tghosth
1
Must vs should _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2554 opened Jan 29, 2025 by elarlang
Reordering chapters 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2553 opened Jan 29, 2025 by elarlang
Remove SHA-1 (once and for all) 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2551 opened Jan 28, 2025 by randomstuff
10
OIDC acr downgrade 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2543 opened Jan 20, 2025 by elarlang
12
5.6.3 The translation is incorrect 2) Awaiting response Awaiting a response from the original poster translation Will be closed if no response/opposite arguments _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2525 opened Jan 13, 2025 by unknown-user-from
@unknown-user-from
1
Feedback about approved KEX schemes 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2514 opened Jan 8, 2025 by randomstuff
1
Feedback about approved MAC algorithms 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2513 opened Jan 8, 2025 by randomstuff
Feedback about hash functions 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2512 opened Jan 8, 2025 by randomstuff
Requirement about key wrapping 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2511 opened Jan 8, 2025 by randomstuff
3
Crypto appendix AEGIS 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2510 opened Jan 8, 2025 by randomstuff
Feedback about recommended AES modes 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2509 opened Jan 8, 2025 by randomstuff
4
Cryptography - suggested verification of Diffie-Hellman points 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2501 opened Jan 2, 2025 by randomstuff
@danielcuthbert
14
Cryptography, proposed modification to 6.6.4 related to (second) pre-image attacks 5) awaiting PR A proposal hs been accepted and reviewed and we are now waiting for a PR Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2500 opened Jan 2, 2025 by randomstuff
@danielcuthbert
25
Cryptography - suggested modification of 6.5.4 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2497 opened Jan 2, 2025 by randomstuff
@danielcuthbert
4
Cryptography - Received comments about CBC 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2494 opened Jan 2, 2025 by randomstuff
@danielcuthbert
2
Remaining reqs in section 5.1 seem like they don't belong. 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos next meeting Filter for leaders V5 Temporary label for grouping input validation, sanitization, encoding, escaping related requirements _5.0 - prep This needs to be addressed to prepare 5.0
#2487 opened Dec 26, 2024 by tghosth
@elarlang
10
Should format string and memory safety reqs be Level 1? 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet requirement level Issue related to requirement levels V5 Temporary label for grouping input validation, sanitization, encoding, escaping related requirements Will be closed if no response/opposite arguments _5.0 - prep This needs to be addressed to prepare 5.0
#2478 opened Dec 17, 2024 by tghosth
6
"2.5.6 Verify forgotten password" / MFA issue 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V2 _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2475 opened Dec 17, 2024 by jackgates73
10
Informative list of tasks and dependencies related to mapping and requirement (re)numbering 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet next meeting Filter for leaders _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2456 opened Dec 12, 2024 by elarlang
11 tasks
@elarlang
Crypto appendix - what about SHA-512/224? 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2448 opened Dec 9, 2024 by randomstuff
7
Crypto appendix, simplify introduction 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2447 opened Dec 9, 2024 by randomstuff
3
Crypto Appendix - Fix table of approved hash functions 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2446 opened Dec 9, 2024 by randomstuff
1
ProTip! Type g p on any issue or pull request to go back to the pull request listing page.