OWASP/ASVS

Issues

• split from 2.2.1 - disallow account lockout

  #2134 opened 19 days ago by elarlang
  4

• V1 - cleanup from implementation requirements

  #2137 opened 20 days ago by elarlang
  2

• clarification for V4.1 and V4.2

  #2139 opened 20 days ago by elarlang
  15

• V4.1.3 - split principle and verifiable parts

  #2196 opened a month ago by elarlang
  6

• update 3.5.5

  #2204 opened a month ago by elarlang
  8

• review V51.3.3 and V51.3.4

  #2181 opened a month ago by elarlang
  2

• review V51.4.2

  #2182 opened a month ago by elarlang
  3

• clarify V5.3 and V5.5 section titles

  #2206 opened a month ago by elarlang
  0

• Compression based side-channel attacks and BREACH

  #2203 opened a month ago by randomstuff
  12

• V51 OAuth: discuss verification of the user consent

  #2120 opened 2 months ago by randomstuff
  20

• 3.5.4 - token time-window validation

  #2185 opened a month ago by elarlang
  10

• 3.3.5 - Update to correspond updated 3.3.2

  #2172 opened a month ago by ryarmst
  2

• V4 principles coverage

  #2195 opened a month ago by elarlang
  3

• 3.5.3 update (stateless token signature or mac)

  #2184 opened a month ago by elarlang
  7

• V3 Terminology Addition

  #2100 opened a month ago by ryarmst
  21

• Need to check that the glossary is in alphabetical order correctly

  #2201 opened a month ago by tghosth
  1

• Review requirementes 14.2.6 and 14.2.8, potential move to V10

  #2166 opened a month ago by elarlang
  32

• Add requirement about segmentation of SSO identities

  #2150 opened a month ago by randomstuff
  14

• 2.10.4 and 6.4.1 seem like duplicates

  #2130 opened a month ago by tghosth
  20

• OAuth, Add Requirement about protection against modification of the RAR authorization_details parameter

  #2151 opened a month ago by randomstuff
  9

• V51 - OAuth - DPoP proof replay attack protection

  #2188 opened a month ago by randomstuff
  3

• 14.2.1 - component up to date

  #2164 opened a month ago by elarlang
  10

• V14.2.7 - move to V10

  #2167 opened a month ago by elarlang
  8

• 51.2.15 - OAuth - ask to be transaction-specific

  #2092 opened a month ago by elarlang
  30

• V51 - OAuth - sender-contrained refresh tokens

  #2110 opened a month ago by elarlang
  28

• review V51.4.3

  #2183 opened a month ago by elarlang
  0

• OAuth: require Authorization Code Binding to a DPoP Key

  #2160 opened a month ago by randomstuff
  9

• proposal: merge 14.2.4 and 14.2.5 and move to V1.10

  #2165 opened a month ago by elarlang
  2

• Clarify scope for chapter V10

  #2173 opened a month ago by tghosth
  0

• 1.3.3 - Handling Session Termination with SSO (Documentation)

  #2102 opened 2 months ago by ryarmst
  7

• v3.2.1 identifier rotating for a stateless mechanism

  #2112 opened a month ago by tghosth
  7

• 1.3.2 - Multiple Concurrent Sessions Handling (Documentation)

  #2101 opened a month ago by ryarmst
  15

• 3.3.2 - Update to correspond to NIST SP 800-63B revision 4 draft

  #2113 opened a month ago by ryarmst
  14

• V1.3 Session Management Architecture - Section Text Proposal

  #2103 opened a month ago by ryarmst
  5

• 14.3.3 - reword for clarifying the goal

  #2142 opened a month ago by elarlang
  4

• Is 1.4.4 a useful and verifiable requirement.

  #2147 opened a month ago by tghosth
  4

• Consider Adding RASP for Runtime Attack Prevention

  #2144 opened a month ago by ImanSharaf
  4

• 4.1.1 belongs in V4.2

  #2143 opened a month ago by EnigmaRosa
  3

• OAuth, Add Requirement about exposing data through authorization_details

  #2152 opened a month ago by randomstuff
  3

• Challenge to ASVS Item 10.2.3: Scope and Consistency Concerns

  #2145 opened a month ago by ImanSharaf
  6

• V1.11.3 and V11.1.6 - merge tactou requirements

  #2138 opened a month ago by elarlang
  6

• 51.2.1 OAuth authorization code - prevent replay and limit the lifetime

  #2090 opened a month ago by elarlang
  13

• 3.2.4

  #2131 opened a month ago by jmanico
  12

• V51 revokation for OAuth tokens

  #2111 opened a month ago by elarlang
  12

• Deduplicate SSRF requirements

  #2115 opened 2 months ago by tghosth
  13

• V51, Verify usage of the "iss" parameter in by the authorization server

  #2095 opened 2 months ago by randomstuff
  9

• V51 - OAuth - confidential client

  #2109 opened 2 months ago by elarlang
  7

• [Feature] Proposed section for manage secrets

  #2119 opened 2 months ago by insidesecurity-yhojann-aguilera
  1

• 5.1.2 mass assignment is not really Input Validation

  #2114 opened 2 months ago by tghosth
  5

• Add DTLS certificate / SDP fingerprint attribute verification to WebRTC chapter (53.2)

  #2098 opened 2 months ago by sandrogauci
  0