Skip to content

Issues: OWASP/ASVS

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

50 Open 1,292 Closed
50 Open 1,292 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Crypto Appendix - Restrictions on CCM8
#2413 opened Nov 25, 2024 by randomstuff
V53 Cryptographic requirements for WebRTC
#2412 opened Nov 25, 2024 by randomstuff
1
Add requirements for random value entropy 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2411 opened Nov 25, 2024 by randomstuff
2
move (and re-org) V3.4 cookies V3 V50 Group issues related to Web Frontend _5.0 - prep This needs to be addressed to prepare 5.0
#2410 opened Nov 25, 2024 by elarlang
4
Site isolation 2) Awaiting response Awaiting a response from the original poster V50 Group issues related to Web Frontend _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2409 opened Nov 25, 2024 by Sjord
@Sjord
3
Crypto Appendix - Listed allowed FFDH groups do not include standard FFDH groups for TLS
#2407 opened Nov 24, 2024 by randomstuff
Requirement for managing user consents 4) proposal for review Issue contains clear proposal for add/change something V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2401 opened Nov 21, 2024 by elarlang
16
Appendix Crypto - Allowed mechanisms and requirement levels 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2398 opened Nov 21, 2024 by randomstuff
2
V6 - Requirement about UUIDs and CSPRNG 5) awaiting PR A proposal hs been accepted and reviewed and we are now waiting for a PR V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2396 opened Nov 20, 2024 by randomstuff
@danielcuthbert
10
V1.6.5 - Unclear "cryptographic discovery mechanism" V1 V6 _5.0 - prep This needs to be addressed to prepare 5.0
#2395 opened Nov 20, 2024 by randomstuff
Fix backend/back-end terminology 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos Community wanted We would like feedback from the community to guide our decision otherwise we will progress _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2390 opened Nov 20, 2024 by tghosth
1
Where to move or what to do with V3.5 section (tokens section in session management chapter) 4a) Waiting for another This issue is waiting for another issue to be resolved V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2384 opened Nov 18, 2024 by elarlang
33
Crypto appendix - mention missing mechanisms 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2380 opened Nov 17, 2024 by randomstuff
5
Crypto appendix - give alias names for groups 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2374 opened Nov 13, 2024 by randomstuff
@danielcuthbert
2
Add access token requirement for preventing "key confusion" V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2361 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff @ryarmst @elarlang
13
Modify 3.5.5 - split key confusion part to a separate requirement 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2360 opened Nov 9, 2024 by TobiasAhnoff
@TobiasAhnoff
13
Link new requirements to CREs 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2334 opened Nov 7, 2024 by cronchie
1
V3 - Update section text for V3.6 and/or corresponding security decision 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V3 _5.0 - prep This needs to be addressed to prepare 5.0
#2321 opened Nov 7, 2024 by ryarmst
V6 - Proper/safe MAC usage (in contrast to digital signatures) 2) Awaiting response Awaiting a response from the original poster AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2310 opened Nov 6, 2024 by randomstuff
@randomstuff
4
V7 Add transient error handling 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V7 Temporary label for grouping logging related issues _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2281 opened Nov 6, 2024 by cronchie
@cronchie @elarlang
7
V6 - Requirement mitigating against rerouting/Selfie attacks in when using TLS PSK authentication with group membership 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V9 _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2216 opened Nov 2, 2024 by randomstuff
3
V6 - Discuss forward secrecy 2) Awaiting response Awaiting a response from the original poster V9 _5.0 - prep This needs to be addressed to prepare 5.0
#2215 opened Nov 2, 2024 by randomstuff
@randomstuff
20
Handle Glossary _5.0 - draft This should be discussed once a 5.0 draft has been prepared.
#2201 opened Oct 28, 2024 by tghosth
@ryarmst
1
review V51.4.3 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V51 Group issues related to OAuth _5.0 - prep This needs to be addressed to prepare 5.0
#2183 opened Oct 22, 2024 by elarlang
@randomstuff @TobiasAhnoff @elarlang
26
Link checker is temperamental and apparently deprecated GH_ACTIONS MAKEFILE _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#1990 opened Jul 10, 2024 by tghosth
@ike
13
ProTip! Mix and match filters to narrow down what you’re looking for.