Ralph Andalis

Results 50 comments of Ralph Andalis

I'll take a look @elarlang and @tghosth. Thanks for the suggestions too @TobiasAhnoff! I'll work on this when I get back home from traveling. :) Pardon the delayed responses.

I agree it would be good to cover both OAuth2 (and potentially working on OAuth2.1) and OIDC, but we need to find the right balance between too much detail and...

This suggestion seems like another project/cheatsheet, maybe? Since this is out of ASVS scope.

@tghosth, @elarlang, I can take a look during my free time and check out comments from CASA to see if we need to work on some (not all) of those...

This makes sense and way better than over the email rendering of the GitHub notif, haha. Give me a few weeks to comb over them and can you please assign...

I started looking at the CASA feedback. I am having a field day so far. I think Elar is correct; similarly I have strong opposition to many of their comments,...

Halfway done with the CASA feedback comments. I will start creating GitHub issues as soon as I finish them. For now, I would hold that off so that we don't...

I just finished reviewing all CASA comments. I will be cleaning the spreadsheet and then share it to the team early next week.

I shared it over email to the WG. Haven't opened any issues yet as I was warned a lot were duplicates of the opened issues. Maybe later we can start...

I think adding a field-level encryption requirement for databases would be a good addition as pointed out especially if it mitigates another threat than a malicious DBA. Is there any...