OWASP/ASVS issues and pull requests

#100 - STRIDE

Issue - State: closed - Opened by fufufanatic over 8 years ago - 2 comments

#99 - Changing to Markdown

Issue - State: closed - Opened by ethicalhack3r over 8 years ago - 11 comments

#98 - 3.0.1 Redline

Pull Request - State: closed - Opened by jasonamorrow over 8 years ago

#97 - Typos in Figure 1

Issue - State: closed - Opened by jasonamorrow over 8 years ago - 2 comments

#96 - rename V7: Cryptography at rest title to Cryptography and Randomness

Issue - State: closed - Opened by boos over 8 years ago - 2 comments

#95 - Typo V10.14 Online Certificate Status Protocol

Issue - State: closed - Opened by shenril almost 9 years ago - 1 comment

#94 - 13.2 Verify that a code review...

Issue - State: closed - Opened by sjswoboda almost 9 years ago - 1 comment

#93 - requirement v2.12 revise proposal: Verify that all authentication decisions are logged

Issue - State: closed - Opened by boos almost 9 years ago - 3 comments
Labels: enhancement

#92 - obvious but missing requirement on V1 section on software free from known vulnerabilities

Issue - State: closed - Opened by boos almost 9 years ago - 1 comment
Labels: enhancement

#91 - 11.4

Issue - State: closed - Opened by relaxnow almost 9 years ago - 3 comments

#90 - Requirements # are inconsistent

Issue - State: closed - Opened by relaxnow almost 9 years ago - 1 comment

#89 - 9.9 superfluous ")" and missing word

Issue - State: closed - Opened by relaxnow almost 9 years ago - 1 comment

#88 - 2.20 wording

Issue - State: closed - Opened by relaxnow almost 9 years ago - 1 comment

#87 - Finalize 3.0 milestone

Issue - State: closed - Opened by vanderaj almost 9 years ago

#86 - Add V5.22 - mass assignment

Issue - State: closed - Opened by kravietz almost 9 years ago - 2 comments
Labels: enhancement

#85 - Verify that...

Issue - State: closed - Opened by vanderaj almost 9 years ago - 1 comment
Labels: enhancement

#84 - Move "Since" to an appendix.

Issue - State: closed - Opened by vanderaj almost 9 years ago - 1 comment

#83 - Level 1 Verification Requirements

Issue - State: closed - Opened by raoul361 about 9 years ago - 1 comment

#82 - V2.12 (add below) (level 3) logging of metadata

Issue - State: closed - Opened by raoul361 about 9 years ago - 2 comments

#81 - V2.1 - adding "default" to authentication requirement.

Issue - State: closed - Opened by raoul361 about 9 years ago - 1 comment

#80 - V2.29 - secrets/passwords/keys not in source repositories

Issue - State: closed - Opened by raoul361 about 9 years ago - 1 comment

#79 - V9.8 - add SIEM

Issue - State: closed - Opened by raoul361 about 9 years ago - 1 comment

#78 - PCI-DSS section 6.x

Issue - State: closed - Opened by raoul361 about 9 years ago - 3 comments
Labels: enhancement

#77 - PCI DSS data element mapping

Issue - State: closed - Opened by raoul361 about 9 years ago - 2 comments
Labels: enhancement

#76 - V19.8 - external components - hosting?

Issue - State: closed - Opened by raoul361 about 9 years ago - 2 comments

#75 - Certificate pining, V10.10 - level 2

Issue - State: closed - Opened by raoul361 about 9 years ago - 1 comment
Labels: enhancement

#74 - General suggestion - use case for non-functional requirements in outsourced development

Issue - State: closed - Opened by raoul361 about 9 years ago - 1 comment

#73 - V2.9 Password Strength Indicator

Issue - State: closed - Opened by weasel0x00 about 9 years ago - 1 comment

#72 - Data integrity addition

Issue - State: closed - Opened by vanderaj about 9 years ago - 1 comment
Labels: enhancement

#71 - Web service feedback

Issue - State: closed - Opened by vanderaj about 9 years ago - 1 comment

#70 - Data protection feedback

Issue - State: closed - Opened by vanderaj about 9 years ago - 1 comment

#69 - Authentication feedback

Issue - State: closed - Opened by vanderaj about 9 years ago - 1 comment

#68 - Dan - pls allocate half the tasks to you

Issue - State: closed - Opened by vanderaj about 9 years ago - 2 comments

#67 - Include CWE mapping for all ASVS items

Issue - State: closed - Opened by vanderaj about 9 years ago - 11 comments
Labels: enhancement

#66 - new checklist items + added small intro about OWASP-SKF

Pull Request - State: closed - Opened by blabla1337 about 9 years ago

#65 - V9.9 - More client side storage examples

Issue - State: closed - Opened by vizzdoom about 9 years ago - 1 comment
Labels: enhancement

#64 - V20 – Client-side sandboxing

Issue - State: closed - Opened by vizzdoom about 9 years ago - 2 comments
Labels: enhancement

#63 - V11.10 – Missing CSP approach to mitigate clickjacking attacks

Issue - State: closed - Opened by vizzdoom about 9 years ago - 1 comment
Labels: enhancement

#62 - V20.6 – Missing CSP 2.0 headers

Issue - State: closed - Opened by vizzdoom about 9 years ago - 1 comment
Labels: enhancement

#61 - Splitting V19.1

Issue - State: closed - Opened by marpuch about 9 years ago - 2 comments
Labels: enhancement

#60 - V10.15 reword

Issue - State: closed - Opened by kravietz about 9 years ago - 1 comment

#59 - V10.12 reword

Issue - State: closed - Opened by kravietz about 9 years ago - 1 comment

#58 - V10.10

Issue - State: closed - Opened by kravietz about 9 years ago - 1 comment

#57 - remove excessive logging requirements

Issue - State: closed - Opened by countermode about 9 years ago - 6 comments

#56 - V10.8 should be dropped

Issue - State: closed - Opened by kravietz about 9 years ago - 1 comment

#55 - Reword requirements - remove "verify that"

Issue - State: closed - Opened by countermode about 9 years ago - 2 comments

#54 - V11.13 no-sniff

Issue - State: closed - Opened by kravietz about 9 years ago - 1 comment

#53 - Data Integrity Requirements

Issue - State: closed - Opened by mgrinsven about 9 years ago - 6 comments
Labels: enhancement

#52 - Q on V5.21: grey-listing?

Issue - State: closed - Opened by pgwammes over 9 years ago - 3 comments

#51 - Q about V7.13: PII refers to "personally identifiable information"?

Issue - State: closed - Opened by pgwammes over 9 years ago - 5 comments

#50 - Duplicate Wording in Controls

Issue - State: closed - Opened by weasel0x00 over 9 years ago - 1 comment

#49 - Pls rephrase V2.27

Issue - State: closed - Opened by pgwammes over 9 years ago - 2 comments

#48 - Please enumerate what's new in version 3.0

Issue - State: closed - Opened by javabeanz over 9 years ago - 4 comments
Labels: enhancement

#47 - Quick QA notes

Issue - State: closed - Opened by ethicalhack3r over 9 years ago - 6 comments

#46 - Renaming files in repository

Issue - State: closed - Opened by athiasjerome over 9 years ago - 2 comments

#45 - [V17 - Mobile Controls.xlsx] Verify that App manifest file doesn't contain Dailer secret code.

Issue - State: closed - Opened by bugwrangler over 9 years ago - 4 comments
Labels: enhancement

#44 - [V19 - Configuration Management.xlsx] Verify that back-up flag isn't available for the mobile App binary.

Issue - State: closed - Opened by bugwrangler over 9 years ago - 1 comment
Labels: enhancement

#43 - OWASP AppSecEU 2015 Summit

Pull Request - State: closed - Opened by hoggmania over 9 years ago

#42 - HTTP Configuration

Issue - State: closed - Opened by vanderaj over 9 years ago

#41 - Rename HTTP Configuration -> Configuration

Issue - State: closed - Opened by vanderaj over 9 years ago

#40 - Add - Architecture and Threat Modelling Chapter

Issue - State: closed - Opened by vanderaj over 9 years ago

#39 - TLS - additions

Issue - State: closed - Opened by vanderaj over 9 years ago

#38 - Add client side encoding section

Issue - State: closed - Opened by vanderaj over 9 years ago

#37 - Add web service section

Issue - State: closed - Opened by vanderaj over 9 years ago

#36 - Data protection - add in assumption or requirement that the protecting is occuring on a trusted device

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment

#35 - Data Protection - add in treatment plans

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment
Labels: enhancement

#34 - 17.2 Rewording

Issue - State: closed - Opened by iriusrisk over 9 years ago - 1 comment

#33 - Consider the differences between 4.9 and 4.11 and possibly merge

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment

#32 - Call out XSS explicitly in section 5.

Issue - State: closed - Opened by vanderaj over 9 years ago

#31 - Addition to introduction - what skills do you need to use the ASVS

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment
Labels: enhancement

#30 - Encrypt before store clarification

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment

#29 - Mapping 1.0->2.0->2.1 table required

Issue - State: closed - Opened by vanderaj over 9 years ago - 2 comments
Labels: enhancement

#28 - Authentication - need a confirm old password section

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment
Labels: enhancement

#27 - V11.8 and V11.10 are duplicates

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment

#26 - 4.17 - aggregate access control protection needs refactoring

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment

#25 - 4.9 - cleanup the word "role" and "such that"

Issue - State: closed - Opened by vanderaj over 9 years ago - 1 comment

#24 - 17.16 and 17.17 are not mobile specific

Issue - State: closed - Opened by relaxnow over 9 years ago

#23 - Page 31 - The Malicious Code Section wording as a bit difficult to read, wordy

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment
Labels: enhancement

#22 - Page 46 – Appendix C – May Want to Include the Actual MITRE Page Title

Issue - State: closed - Opened by defern almost 10 years ago - 2 comments
Labels: enhancement

#21 - Appendix A page 38-41 – Inconsistent Capitalization in the Suggested ASVS Level Description

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment
Labels: enhancement

#20 - Page 19 – Should V37 and V38 prevent the same issue?

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment

#19 - Page 14 – I am not sure I agree with having a 3.1 and 3.2 when this is the only Level that even mentions this.

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment

#18 - Page 16 – List of Requirement Areas Should Match the Section Header Wording

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment

#17 - Page 15 Scope of verification Misspelling Be should be By

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment

#16 - Appendix B page 44 – May want to write out Abbreviations for HTML and LDAP

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment
Labels: enhancement

#15 - Appendix B - Page 46 - OWASP Top 10 Guide Link Should be Consistent

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment
Labels: enhancement

#14 - Appendix B - Page 46 – OWASP Testing Guide Link Should be Consistent

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment
Labels: enhancement

#13 - The following terms are in the Appendix B but I cannot find them in the document Appendix B - Page 43-45

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment

#12 - It is unclear why there are “Skipped/Missing” verification requirements

Issue - State: closed - Opened by defern almost 10 years ago - 1 comment
Labels: enhancement