ASVS
Application Security Verification Standard
spin-off from https://github.com/OWASP/ASVS/issues/1925 "proposal 4" From @TobiasAhnoff > 4 Verify that only access-tokens are used for authorization by the RS (not id-tokens or other kinds of tokens) Proposal from me:...
spin-off from https://github.com/OWASP/ASVS/issues/1916 "Discussion/Proposal 2" For a situation where OAuth is used as a "first-party" authorization solution and the application needs one and only one way of communicating with the...
spin-off from https://github.com/OWASP/ASVS/issues/1916 "Discussion/Proposal 1" The [summary](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps#section-6.3.3.3) for browser based communication says: > To summarize, the architecture of a browser-based OAuth 2.0 client application is straightforward, but results in a...
There are of course many candidates, it is hard to summarize all relevant OAuth and OIDC specs in just a small set of verifications for [V51 OAuth](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x51-V51-OAuth2.md). Here are a...
spin-off from https://github.com/OWASP/ASVS/issues/1484#issuecomment-1403257737 Requirement text needs validation and language/grammar check: Verify that decoding is done only once and as the first step, e.g. decoding is not done after input...
Hi everyone, I'm translating the OWASP ASVS into Italian. I don't think anyone has started the translation yet.
A suggestion is to define the scope for the [V51 OAuth](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x51-V51-OAuth2.md) chapter more clearly. Either to make it more general and include OIDC or be more specific, excluding OIDC and...
access_token (also id_token) JWT may contain relatively sensitive information, such as a person's full name, SSN, email, phone, address, etc. At the same time, those are sent via URL parameters -...
This Pull Request relates to issue #1589
The link checker seems to sometimes fail, even when it should not. For example: https://github.com/OWASP/ASVS/actions/runs/9854671316/job/27207915942 The link seems to work even though the link checker said it didn't. Also, it...