Commit

#1303 - merge more tactou++
Elar Lang committed Oct 16, 2024
1 parent f08abae commit 4416ca0
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion 5.0/en/0x10-V1-Architecture.md
@@ -121,7 +121,7 @@ Architectural requirements are intrinsic to the entire code base, and thus diffi
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **1.11.1** | [DELETED, NOT IN SCOPE] | | | | |
| **1.11.2** | [MODIFIED] Verify that all application flows including authentication, session management and access control, maintain a consistent application and user state to prevent race conditions and business logic flaws. | | || 362 |
| **1.11.2** | [DELETED, MERGED TO 11.1.6] | | | | |
| **1.11.3** | [DELETED, MERGED TO 11.1.6] | | | | |
| **1.11.4** | [ADDED] Verify that expectations for business logic limits and validations are clearly documented including both per-user and also globally across the application. | ||| |
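Review bot: the deleted 1.11.2 row carried CWE 362 (race condition), but the target it is merged into, 11.1.6 in 0x19-V11-BusLogic.md, is mapped only to CWE 367 (TOCTOU); since 1.11.2's wording covered race conditions and business logic flaws in general rather than strict check-then-use windows, consider keeping CWE 362 alongside 367 on 11.1.6, or stating in the `[DELETED, MERGED TO 11.1.6]` tag that the 362 mapping was dropped on purpose.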

2 changes: 1 addition & 1 deletion 5.0/en/0x19-V11-BusLogic.md
@@ -35,7 +35,7 @@ Business logic security is so individual to every application that no one checkl
| **11.1.3** | [MODIFIED, MERGED FROM 11.1.5] Verify that business logic limits and validations are implemented as per the application's documentation. |||| |
| **11.1.4** | [MOVED TO 11.2.2] | | | | |
| **11.1.5** | [DELETED, MERGED TO 11.1.3] | | | | |
| **11.1.6** | [MODIFIED, MERGED FROM 1.11.3] Verify that all high-value business logic flows, as well as authentication, session management, and access control, are thread-safe, resistant to time-of-check and time-of-use (TOCTOU) race conditions, and utilize synchronization and locking mechanisms for sensitive operations to maintain internal data consistency and user state. | ||| 367 |
| **11.1.6** | [MODIFIED, MERGED FROM 1.11.2, 1.11.3] Verify that all high-value business logic flows, as well as authentication, session management, and access control, are thread-safe, resistant to time-of-check and time-of-use (TOCTOU) race conditions, and utilize synchronization and locking mechanisms for sensitive operations to maintain internal data consistency and user state. | ||| 367 |
| **11.1.7** | [MOVED TO 7.2.4] | | | | |
| **11.1.8** | [MOVED TO 7.2.5] | | | | |
| **11.1.9** | [ADDED] Verify that "atomic transactions" are being used at the business logic level such that either a business logic operation succeeds in its entirety, or it is rolled back to the previous correct state. | ||| |
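Review bot: only the provenance tag changes in this hunk (`[MODIFIED, MERGED FROM 1.11.2, 1.11.3]`) while the requirement text stays as it was, so the merge narrows scope silently: 1.11.2 applied to "all application flows including authentication, session management and access control", whereas 11.1.6 covers "all high-value business logic flows" plus those three areas. If the narrowing to high-value flows is intended, say so in the tag or the changelog entry for #1303; otherwise consider widening the wording of 11.1.6 to match what 1.11.2 required.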

0 comments on commit 4416ca0