[Openid-specs-ab] OWASP ASVS 5.0
Mark Haine
Mark.Haine at oidf.org
Mon Mar 3 12:47:11 UTC 2025
Hi AB/Connect and FAPI people,
There was a presentation at OSW2025 where I learned that OWASP are working on a major revision to their Application Security Verification Standard. As part of that revision, they are adding content relating to “OAuth and OIDC” (sic). Some of you might wish to review and provide comment. If having an OIDF set of collated feedback is desirable I may be able to find time to aggregate your thoughts and comments. If that is the case please let me know. I shall do my best to review for the OIDF in any case.
https://github.com/OWASP/ASVS/tree/master
Specific section on OAuth and OIDC is in:
https://github.com/OWASP/ASVS/blob/master/5.0/en/0x51-V51-OAuth2.md
I have reached out to the presenter to see if there is any other guidance for reviewers. If I get anything back I’ll add it to this mail thread.
Best Regards,
Mark Haine
+44 (0) 777 555 0344 | mark.haine at oidf.org