Issues: OWASP/ASVS
51.1.1 wording improvement
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
#2520
opened Jan 10, 2025 by
elarlang
remove "xss" from 5.2.7
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#2518
opened Jan 9, 2025 by
elarlang
mapping fix && discussion of labels
6) PR awaiting review
_5.0 - draft
This should be discussed once a 5.0 draft has been prepared.
#2515
opened Jan 8, 2025 by
elarlang
Feedback about approved KEX schemes
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
AppendixV
Appendix with crypto details
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2514
opened Jan 8, 2025 by
randomstuff
Feedback about approved MAC algorithms
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
AppendixV
Appendix with crypto details
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2513
opened Jan 8, 2025 by
randomstuff
Feedback about hash functions
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
AppendixV
Appendix with crypto details
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2512
opened Jan 8, 2025 by
randomstuff
Requirement about key wrapping
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
AppendixV
Appendix with crypto details
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2511
opened Jan 8, 2025 by
randomstuff
Crypto appendix AEGIS
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
AppendixV
Appendix with crypto details
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2510
opened Jan 8, 2025 by
randomstuff
Feedback about recommended AES modes
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
AppendixV
Appendix with crypto details
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2509
opened Jan 8, 2025 by
randomstuff
Turkish translation
translation
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
#2508
opened Jan 8, 2025 by
ataseren
Cryptography - clarification about 6.2.4 and PQC
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Bart Preneel
Issues raised from a crypto review by Bart Preneel (received via Aram H)
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2502
opened Jan 2, 2025 by
randomstuff
Cryptography - suggested verification of Diffie-Hellman points
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Bart Preneel
Issues raised from a crypto review by Bart Preneel (received via Aram H)
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2501
opened Jan 2, 2025 by
randomstuff
Cryptography, proposed modification to 6.6.4 related to (second) pre-image attacks
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Bart Preneel
Issues raised from a crypto review by Bart Preneel (received via Aram H)
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2500
opened Jan 2, 2025 by
randomstuff
Cryptography - proposed requirement about MAC verification failure
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Bart Preneel
Issues raised from a crypto review by Bart Preneel (received via Aram H)
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2499
opened Jan 2, 2025 by
randomstuff
Cryptography - suggested modification of 6.5.5
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Bart Preneel
Issues raised from a crypto review by Bart Preneel (received via Aram H)
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2498
opened Jan 2, 2025 by
randomstuff
Cryptography - suggested modification of 6.5.4
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Bart Preneel
Issues raised from a crypto review by Bart Preneel (received via Aram H)
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2497
opened Jan 2, 2025 by
randomstuff
Cryptography tweak wording related to "authenticated encryption", "MAC algorithm"
6) PR awaiting review
Bart Preneel
Issues raised from a crypto review by Bart Preneel (received via Aram H)
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2495
opened Jan 2, 2025 by
randomstuff
Cryptography - Received comments about CBC
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
Bart Preneel
Issues raised from a crypto review by Bart Preneel (received via Aram H)
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2494
opened Jan 2, 2025 by
randomstuff
13.6.2 move into V50 (if not merged into V50.4.1)
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
4a) Waiting for another
This issue is waiting for another issue to be resolved
V13
V50
Group issues related to Web Frontend
_5.0 - prep
This needs to be addressed to prepare 5.0
#2492
opened Jan 2, 2025 by
elarlang
new requirement - do not follow redirects by default for requests made by server-side components
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
next meeting
Filter for leaders
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
V14
_5.0 - prep
This needs to be addressed to prepare 5.0
#2491
opened Jan 2, 2025 by
elarlang
Remaining reqs in section 5.1 seem like they don't belong.
3) awaiting proposal
There is some discussion in issue and reach to some results but it's not concluded with clear propos
next meeting
Filter for leaders
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#2487
opened Dec 26, 2024 by
tghosth
6.2.9 and CCM-8
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2485
opened Dec 22, 2024 by
randomstuff
Clarify CSRF requirement 50.4.1
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
next meeting
Filter for leaders
V50
Group issues related to Web Frontend
_5.0 - prep
This needs to be addressed to prepare 5.0
#2481
opened Dec 18, 2024 by
tghosth
Should format string and memory safety reqs be Level 1?
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
requirement level
Issue related to requirement levels
V5
Temporary label for grouping input validation, sanitization, encoding, escaping related requirements
_5.0 - prep
This needs to be addressed to prepare 5.0
#2478
opened Dec 17, 2024 by
tghosth
Should Cryptography reqs be Level 1
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
requirement level
Issue related to requirement levels
V6
_5.0 - prep
This needs to be addressed to prepare 5.0
#2477
opened Dec 17, 2024 by
tghosth