From 4416ca0c4c64f677265f086950f0c83533df6776 Mon Sep 17 00:00:00 2001 From: Elar Lang Date: Wed, 16 Oct 2024 14:29:24 +0300 Subject: [PATCH] #1303 - merge more tactou++ --- 5.0/en/0x10-V1-Architecture.md | 2 +- 5.0/en/0x19-V11-BusLogic.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/5.0/en/0x10-V1-Architecture.md b/5.0/en/0x10-V1-Architecture.md index 4e3cf88d9a..f69c11d73c 100644 --- a/5.0/en/0x10-V1-Architecture.md +++ b/5.0/en/0x10-V1-Architecture.md @@ -121,7 +121,7 @@ Architectural requirements are intrinsic to the entire code base, and thus diffi | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---: | :---: | | **1.11.1** | [DELETED, NOT IN SCOPE] | | | | | -| **1.11.2** | [MODIFIED] Verify that all application flows including authentication, session management and access control, maintain a consistent application and user state to prevent race conditions and business logic flaws. | | ✓ | ✓ | 362 | +| **1.11.2** | [DELETED, MERGED TO 11.1.6] | | | | | | **1.11.3** | [DELETED, MERGED TO 11.1.6] | | | | | | **1.11.4** | [ADDED] Verify that expectations for business logic limits and validations are clearly documented including both per-user and also globally across the application. | | ✓ | ✓ | | diff --git a/5.0/en/0x19-V11-BusLogic.md b/5.0/en/0x19-V11-BusLogic.md index 96c6cb2418..d6c2719916 100644 --- a/5.0/en/0x19-V11-BusLogic.md +++ b/5.0/en/0x19-V11-BusLogic.md 
@@ -35,7 +35,7 @@ Business logic security is so individual to every application that no one checkl | **11.1.3** | [MODIFIED, MERGED FROM 11.1.5] Verify that business logic limits and validations are implemented as per the application's documentation. | ✓ | ✓ | ✓ | | | **11.1.4** | [MOVED TO 11.2.2] | | | | | | **11.1.5** | [DELETED, MERGED TO 11.1.3] | | | | | -| **11.1.6** | [MODIFIED, MERGED FROM 1.11.3] Verify that all high-value business logic flows, as well as authentication, session management, and access control, are thread-safe, resistant to time-of-check and time-of-use (TOCTOU) race conditions, and utilize synchronization and locking mechanisms for sensitive operations to maintain internal data consistency and user state. | | ✓ | ✓ | 367 | +| **11.1.6** | [MODIFIED, MERGED FROM 1.11.2, 1.11.3] Verify that all high-value business logic flows, as well as authentication, session management, and access control, are thread-safe, resistant to time-of-check and time-of-use (TOCTOU) race conditions, and utilize synchronization and locking mechanisms for sensitive operations to maintain internal data consistency and user state. | | ✓ | ✓ | 367 | | **11.1.7** | [MOVED TO 7.2.4] | | | | | | **11.1.8** | [MOVED TO 7.2.5] | | | | | | **11.1.9** | [ADDED] Verify that "atomic transactions" are being used at the business logic level such that either a business logic operation succeeds in its entirety, or it is rolled back to the previous correct state. | | ✓ | ✓ | |
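Review bot: In the 0x10-V1-Architecture.md hunk, deleting 1.11.2 drops its CWE 362 (race condition) mapping, while the target requirement 11.1.6 carries only CWE 367 (TOCTOU). If the merge is meant to preserve 1.11.2's coverage, consider either adding 362 alongside 367 on 11.1.6 or recording in the PR why the narrower mapping is sufficient; otherwise the ASVS-to-CWE cross-reference silently loses the general race-condition entry.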
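Review bot: In the 0x19-V11-BusLogic.md hunk, only the annotation changes to "[MODIFIED, MERGED FROM 1.11.2, 1.11.3]" while the requirement text is untouched, so 1.11.2's wording "all application flows" is not actually absorbed: 11.1.6 still reads "all high-value business logic flows, as well as authentication, session management, and access control". If narrowing non-high-value flows out of scope is intentional, say so in the description; if not, the "all application flows" wording (or a sentence covering the remaining flows) should be carried into the 11.1.6 text so the merge does not reduce coverage.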