Josh Grossman

Results 818 comments of Josh Grossman

@jmanico please can you review #1351

Just took a trip down memory lane to try and figure out why it was like that in the first place and why it has that NIST identifier. Shared accounts...

Currently: [2.3.3](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x11-V2-Authentication.md#v23-authenticator-lifecycle)

> Verify that renewal instructions are sent with sufficient time to renew time bound authenticators.

I would change to:

> Verify that automated reminders are configured and acted...

Good spot, so I think it is like I said. @jmanico do you approve of the following clarification?

> Verify that automated reminders are configured and acted on to ensure...

I am not sure I understand, the purpose of this specific issue is to make sure the GitHub is in the correct format and that rogue spacing or issues don't...

Happy holidays! This looks great, thanks for putting it together! I did a review and added some questions which it would be great if you could respond to and then...

Cookies and session storage provide an expiration mechanism to make sure tokens do not live on forever, even when the application exits unexpectedly. Local storage does not have that which...

Hi @elarlang We are not making a blanket rule that "session token should not be readable for javascript" because that would not be possible :) Therefore, that is not the...

@elarlang Does this requirement boil down to something like:

> Verify that multiple, separate applications are not hosted on the same hostname.