OWASP/ASVS: Application Security Verification Standard
Stargazers: 2599; Watchers: 144; Issues: 1154; Forks: 636
OWASP/ASVS Issues
Proposal: the application must belong/covered to the HSTS preload list (probably level 3) (Closed 2 months ago, 43 comments)
URL Safety (Updated a month ago, 20 comments)
lowercase vs uppercase grammar (original: 6.2.1 causes capitalization inconsistency) (Updated a month ago, 13 comments)
client should not send longer request headers than server can accept (Updated a month ago, 7 comments)
Password Storage Algorithms 2.4.1 revisited (Updated a month ago, 2 comments)
4.3.1 and 4.3.3 (Updated a month ago, 5 comments)
Clarify horizontal and vertical access control (4.2.1) (Updated a month ago, 11 comments)
cleanup V3.5 Token-based Session Management (Updated a month ago, 14 comments)
proposal/discussion: OAuth - separate requirement for redirect_uri string-match registration and handling (Updated a month ago, 6 comments)
update 50.2.1 (v4.0.3-14.4.3) and/or split requirement for content-security-policy (Updated a month ago, 11 comments)
discussion OAuth/OIDC: accepted flows and grants (Updated a month ago, 6 comments)
V51: Additional OAuth/OIDC proposals (Updated a month ago, 6 comments)
discussion: OAuth - using OAuth just for authentication (Updated a month ago, 4 comments)
proposal/discussion: OAuth: requirement for refresh_token lifetime (Updated a month ago)
proposal/discussion: JWT - 3.5.6 add "type", and rephrase it to describe the goal (Updated a month ago, 6 comments)
proposal/discussion: OAuth - (for 1st party usage) only used (by the client) communication options must be allowed by authorization server (Updated a month ago, 3 comments)
proposal/discussion: OAuth - disallow web application to be OAuth public client (and to have direct communication with OAuth token endpoint) (Updated a month ago)
V51 OAuth: Consider adding more general OAuth verifications (Updated a month ago, 5 comments)
oauth related discussions (Closed a month ago, 3 comments)
move or merge 8.3.5 to V7 (Closed 2 months ago, 3 comments)
V11 rework by @jmanico (Updated 2 months ago, 15 comments)
Requesting Clarifying Definition in the Business Logic Section Header (Updated 2 months ago, 3 comments)
move section V5.5 (and V5.4) to V10 (Closed 2 months ago, 19 comments)
7.2.4 (v4.0.3-9.2.5) - improve the wording to cover all connection errors and failed certificate checks (Closed 2 months ago, 10 comments)
Minor V7 changes (Closed 2 months ago, 2 comments)
7.2.3 (v4.0.3-7.1.3) - wording improvement (Closed 2 months ago, 7 comments)
Italian Translation (Updated 2 months ago, 1 comment)
V51 OAuth: Consider narrowing or expanding the scope for the OAuth2 chapter (Updated 2 months ago, 12 comments)
Do we want V7.4 to get moved to V10? (Closed 2 months ago, 3 comments)
encoded sensitive data (such as JWT) should not be logged (Updated 2 months ago, 5 comments)
Add ReqView format as generated output (Closed 2 months ago, 5 comments)
2.3.4 does not seem like registration (Updated 2 months ago, 1 comment)
13.4.2 seems too broad and not testable (Closed 2 months ago, 23 comments)
Finalize web socket requirements (Closed 2 months ago, 12 comments)
V8.3 security and policy (Closed 3 months ago, 11 comments)
2.1.2 Passwords of more than 128 characters are denied (make entire 2.4 more abstract) (Closed 3 months ago, 20 comments)
4.3.3 (Closed 3 months ago, 1 comment)
2.3.1 and 2.5.1 tags are misleading (Closed 3 months ago, 2 comments)
Tracking supporters (Updated 3 months ago, 6 comments)
proposal: move 1.14.6 to V50 (Web Frontend Security) (Closed 3 months ago, 2 comments)
Proposal to remove serverless references (Closed 3 months ago, 6 comments)
2.10.5 (v4.0.3-9.2.3) - belongs in authentication (needs improvement and scope check) (Closed 3 months ago, 15 comments)
Ismael (Closed 4 months ago, 1 comment)
V9 rework - 9.2.5 has insufficient value (Closed 4 months ago, 5 comments)
clarifying 5.1.3 (Closed 4 months ago, 9 comments)
Should easily visible logout functionality be a requirement or a recommendation (Closed 4 months ago, 15 comments)
5.1.1 - terminology, GET and POST... (Closed 4 months ago, 14 comments)
Something amiss in requirement description for v5.0-50.5.3 (Closed 4 months ago, 4 comments)
new V5 section for architecture requirements (Closed 5 months ago, 2 comments)
13.5.3 rate limiting should apply to all APIs (Closed 5 months ago, 8 comments)