Minor changes to v9 (#1893)
* Small wording change

* Fix list indent to comply with updated linter

* Remove extra newline
tghosth committed Mar 17, 2024
1 parent d8e03f4 commit 9d11dc0
Showing 2 changed files with 3 additions and 4 deletions.
1 change: 0 additions & 1 deletion 5.0/en/0x15-V7-Error-Logging.md
Expand Up @@ -53,7 +53,6 @@ V7.2 covers OWASP Top 10 2017:A10. As 2017:A10 and this section are not penetrat
| **7.2.3** | [MODIFIED, MOVED FROM 7.1.3] Verify that the application logs security relevant events including deserialization failures, input validation failures and incorrect HTTP requests (including requests with an unexpected HTTP verb). | ||| 778 |
| **7.2.4** | [MODIFIED, MOVED FROM 9.2.5] Verify that backend TLS connection failures are logged. | | || 778 |


## V7.3 Log Protection

Logs that can be trivially modified or deleted are useless for investigations and prosecutions. Disclosure of logs can expose inner details about the application or the data it contains. Care must be taken when protecting logs from unauthorized disclosure, modification or deletion.
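
Review bot: The commit title scopes this change to v9, but this hunk edits 5.0/en/0x15-V7-Error-Logging.md, dropping one of the two blank lines ahead of the `## V7.3 Log Protection` heading. The edit itself is fine; naming the V7 file in the title or summary would let someone searching history for V7 changes find it.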
6 changes: 3 additions & 3 deletions 5.0/en/0x17-V9-Communications.md
Expand Up @@ -6,8 +6,8 @@ Ensure that a verified application meets the following high-level requirements:

* Require TLS or strong encryption, independent of the sensitivity of the content.
* Follow the latest guidance, including:
* Configuration advice
* Preferred algorithms and ciphers
* Configuration advice
* Preferred algorithms and ciphers
* Avoid weak or soon-to-be deprecated algorithms and ciphers, except as a last resort.
* Disable deprecated or known insecure algorithms and ciphers.

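Review bot: The two re-indented sub-items ("Configuration advice" and "Preferred algorithms and ciphers") change only in whitespace, so the diff cannot show whether they still nest under "Follow the latest guidance, including:". Please confirm in the rendered Markdown that they remain sub-items of that bullet and have not been promoted to the same level as "Require TLS or strong encryption" and "Avoid weak or soon-to-be deprecated algorithms and ciphers", which would change how the requirement list reads.
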
Expand Down Expand Up @@ -66,4 +66,4 @@ Use secure TLS configuration and up-to-date tools to review the configuration on
For more information, see also:

* [OWASP – TLS Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html)
* The ideal method for achieving compliance with section 9.4 would be to review guides such as [Mozilla's Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS) or [generate known good configurations](https://mozilla.github.io/server-side-tls/ssl-config-generator/), and use known and up-to-date TLS evaluation tools to obtain a desired level of security.
* The ideal way to achieve compliance with section 9.4 would be to review guides such as [Mozilla's Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS) or [generate known good configurations](https://mozilla.github.io/server-side-tls/ssl-config-generator/), and use known and up-to-date TLS evaluation tools to obtain a desired level of security.
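
Review bot: The reworded bullet sits under "For more information, see also:" but reads as advice rather than a reference, unlike the cheat sheet link above it, and "known and up-to-date TLS evaluation tools" together with "a desired level of security" give the reader no concrete target. Since the line is already being touched, consider moving the sentence into the section body and stating what the evaluation should confirm, for example that the deployed configuration matches the one produced from the linked Mozilla guidance.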
