Issues
Proposal/discussion: OIDC nonce claim requirement
#2002 opened by deleterepo - 0
1.3.1 - Session Controls Documentation
#2076 opened by ryarmst - 3
V3 Terminology Addition
#2100 opened by ryarmst - 0
V51 OAuth: Add code and PKCE related verifications
#2041 opened by TobiasAhnoff - 0
Are parts of 14.2.x section out of scope for ASVS?
#2088 opened by tghosth - 4
Is 14.1.1 in scope for ASVS?
#2084 opened by tghosth - 10
V51 OAuth: Add client verifications
#2044 opened by TobiasAhnoff - 0
Add DTLS certificate / SDP fingerprint attribute verification to WebRTC chapter (53.2)
#2098 opened by sandrogauci - 4
51.2.2 - what is the purpose for the requirement?
#2092 opened by elarlang - 1
Proposal/discussion: OIDC requirement about ID token only being used to prove that the user has been authenticated (edit: a general requirement for allowing only intended usage for tokens)
#2005 opened by deleterepo - 7
deduplicate or merge 14.6.2 and 1.14.7
#2082 opened by elarlang - 18
1.4.6 - Contextual attributes for access decisions
#2062 opened by EnigmaRosa - 15
V51 OAuth: Add verifications for Authorization Server client configuration
#2043 opened by TobiasAhnoff - 8
V51 OAuth: Add new OIDC Client verifications
#2048 opened by TobiasAhnoff - 37
move configuration related requirements from V1 to V14.6
#2072 opened by elarlang - 4
Proposal/discussion: OIDC requirement to ensure issuer URL == issuer claim
#2003 opened by deleterepo - 11
V51 OAuth client CSRF protection for token request
#2068 opened by elarlang - 3
V51 OAuth: Add verification for PAR
#2042 opened by TobiasAhnoff - 4
Section titles in V12
#2066 opened by elarlang - 15
V51 OAuth: Add new OIDC generic verifications
#2046 opened by TobiasAhnoff - 5
V51 OAuth: Add new OIDC Resource Server verifications
#2049 opened by TobiasAhnoff - 3
V51 OAuth: Add new OIDC chapter
#2037 opened by TobiasAhnoff - 15
V51 OAuth: Add refresh token verifications
#2040 opened by TobiasAhnoff - 9
proposal: add/merge OIDC requirements into OAuth2 paragraph (instead of separate OIDC paragraph)
#2039 opened by elarlang - 13
4.2.3 - Multi-tenant access controls
#2060 opened by EnigmaRosa - 14
1.4.7 - Access Control Documentation
#2065 opened by EnigmaRosa - 9
4.2.4 - Originating component permissions
#2061 opened by EnigmaRosa - 0
V5 intro and section text.
#2027 opened by tghosth - 13
5.6.2 Adding Server-side validation proposal
#2006 opened by mesutgungor - 3
4.1.6 - Verify implementation of access control design
#2058 opened by EnigmaRosa - 6
4.1.7 - Real time access control decision making
#2059 opened by EnigmaRosa - 3
Move all documentation requirements out of v1 and into their respective sections when possible
#2067 opened by jmanico - 21
Padding out chapter 4 (access control)
#2033 opened by EnigmaRosa - 9
Should 8.2.2 specifically allow for encrypted data
#2029 opened by tghosth - 40
8.2.2 advice on sessionStorage breaks multi-tab web application use unlike cookies
#2010 opened by jmanico - 7
7.1 Proposal for Masked Data Logging Need
#2007 opened by mesutgungor - 0
Insert Burp Sequencer Test Cases for Randomness
#2024 opened by cmlh - 5
CWE indicated in requirement 50.2.1 (previously v4.0.3-14.4.3) seems incorrect
#2013 opened by kwwall - 0