From 0c824c9d65511e7ed7ab96987eb494edb7babfc2 Mon Sep 17 00:00:00 2001 From: Elar Lang Date: Thu, 2 Jan 2025 19:26:28 +0200 Subject: [PATCH] V for Vendet... Verification --- 5.0/en/0x18-V10-Coding.md | 4 ++-- 5.0/en/0x19-V11-BusLogic.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/5.0/en/0x18-V10-Coding.md b/5.0/en/0x18-V10-Coding.md index 79452f6c25..63c61f4c3a 100644 --- a/5.0/en/0x18-V10-Coding.md +++ b/5.0/en/0x18-V10-Coding.md 
@@ -65,13 +65,13 @@ Complying with this section is likely to be operational and continuous. | **10.4.6** | [ADDED] Verify that the application is able to discern and utilizes the user's true IP address to provide for sensitive functions, including rate limiting and logging. | | ✓ | ✓ | 348 | | **10.4.7** | [MODIFIED, MOVED FROM 5.1.1, LEVEL L1 > L2] Verify that the application has defenses against HTTP parameter pollution attacks, particularly if the application framework makes no distinction about the source of request parameters (query string, body parameters, cookies, or header fields). | | ✓ | ✓ | 235 | -## 10.5 Security Architecture +## V10.5 Security Architecture | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---: | :---: | | **10.5.1** | [ADDED, SPLIT FROM 1.14.5, 14.2.6] Verify that the application implements additional protections around parts of the application which are documented as performing "risky" operations or using "risky" third-party libraries. This could include techniques such as sandboxing, encapsulation, containerization or network level isolation to delay and deter attackers who compromise one part of an application from pivoting elsewhere in the application. | | | ✓ | | -## 10.6 Code Dependencies +## V10.6 Code Dependencies Dependency management is critical to the safe operation of any application of any type. Failure to keep up to date with outdated or insecure dependencies is the root cause of the largest and most expensive attacks to date. While being up-to-date with patches is essential, relying solely on updates for publicly disclosed vulnerabilities introduces risk, as vendors may fix security issues without public announcements. diff --git a/5.0/en/0x19-V11-BusLogic.md b/5.0/en/0x19-V11-BusLogic.md index 6947ad3ef1..1d664c221e 100644 --- a/5.0/en/0x19-V11-BusLogic.md +++ b/5.0/en/0x19-V11-BusLogic.md 
@@ -43,7 +43,7 @@ Business logic security is so individual to every application that no one checkl | **11.2.1** | [MODIFIED, MOVED FROM 11.1.2, LEVEL L1 > L3] Verify that business logic processes require realistic human timing, preventing excessively rapid transaction submissions. | | | ✓ | 799 | | **11.2.2** | [MODIFIED, MOVED FROM 11.1.4, LEVEL L1 > L2] Verify that anti-automation controls are in place to protect against excessive calls to application functions that could lead to data exfiltration, garbage data creation, quota exhaustion, rate limit breaches, denial of service, or overuse of costly resources. | | ✓ | ✓ | 770 | -## 11.3 Input Validation +## V11.3 Input Validation | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---: | :---: |
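Review bot: in the 0x18-V10-Coding.md hunk, renaming `## 10.5 Security Architecture` to `## V10.5 Security Architecture` and `## 10.6 Code Dependencies` to `## V10.6 Code Dependencies` changes the heading text from which Markdown renderers derive anchor slugs, so any in-tree link or cross-reference pointing at the old section anchors will stop resolving; please search the 5.0/en tree for links to these two headings and update them in the same patch. The hunk touches only 10.5 and 10.6 of this chapter while the V10.1 through V10.4 headings lie outside it (the 10.4.6 and 10.4.7 rows in context sit under one of them), so confirm those already carry the V prefix, otherwise the chapter ends up with mixed heading styles. A commit subject that states the intent (aligning sub-section headings with the V-prefixed chapter naming) would also document the change better than the current pun alone.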
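Review bot: in the 0x19-V11-BusLogic.md hunk, the `## 11.3 Input Validation` to `## V11.3 Input Validation` rename is consistent with the V10.x changes in the first file, but it is the only heading changed in this file; the V11.1 and V11.2 headings (the 11.2.1 and 11.2.2 rows in context belong to one of them) are not in the diff, so verify they already use the V prefix or include them here, or the chapter is left half-converted. The same anchor caveat applies: the generated slug for this heading changes with the text, so any existing link to the old anchor needs updating alongside this rename.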