From e5c4a4b7d7500fbad7e982679d2915b4bea1f348 Mon Sep 17 00:00:00 2001 From: Elar Lang Date: Thu, 14 Dec 2023 14:25:13 +0200 Subject: [PATCH] move 12.7.1 to 7.4 section, https://github.com/OWASP/ASVS/issues/1748#issuecomment-1826003241 --- 5.0/en/0x15-V7-Error-Logging.md | 1 + 5.0/en/0x20-V12-Files-Resources.md | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/5.0/en/0x15-V7-Error-Logging.md b/5.0/en/0x15-V7-Error-Logging.md index 815a2f71aa..ecfb4cf96a 100644 --- a/5.0/en/0x15-V7-Error-Logging.md +++ b/5.0/en/0x15-V7-Error-Logging.md @@ -73,6 +73,7 @@ The purpose of error handling is to allow the application to provide security re | **7.4.1** | Verify that a generic message is shown when an unexpected or security sensitive error occurs, potentially with a unique ID which support personnel can use to investigate. ([C10](https://owasp.org/www-project-proactive-controls/#div-numbering)) | ✓ | ✓ | ✓ | 210 | | **7.4.2** | [MODIFIED] Verify that a consistent and standardized exception handling mechanism (or a functional equivalent) is used across the codebase. ([C10](https://owasp.org/www-project-proactive-controls/#div-numbering)) | | ✓ | ✓ | 544 | | **7.4.3** | Verify that a "last resort" error handler is defined which will catch all unhandled exceptions. ([C10](https://owasp.org/www-project-proactive-controls/#div-numbering)) | | ✓ | ✓ | 431 | +| **7.4.4** | [ADDED] Verify that the application is designed in a way that a failure to access external resources does not result in the entire application failing, for example using the circuit breaker pattern. | | ✓ | ✓ | | Note: Certain languages, such as Swift and Go - and through common design practice - many functional languages, do not support exceptions or last resort event handlers. In this case, architects and developers should use a pattern, language, or framework friendly way to ensure that applications can securely handle exceptional, unexpected, or security-related events. 
diff --git a/5.0/en/0x20-V12-Files-Resources.md b/5.0/en/0x20-V12-Files-Resources.md index fc8347bccf..c054dcbe76 100644 --- a/5.0/en/0x20-V12-Files-Resources.md +++ b/5.0/en/0x20-V12-Files-Resources.md @@ -62,8 +62,7 @@ Although zip bombs are eminently testable using penetration testing techniques, | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---: | :---: | -| **12.7.1** | [ADDED] Verify that the application is designed in a way that a failure to access external resources does not result in the entire application failing, for example using the circuit breaker pattern. | | ✓ | ✓ | | -| **12.7.2** | [ADDED] Verify that the application proactively releases system resources, such as database connections, open files, threads, etc, when it finishes using them to prevent resource exhaustion. | | ✓ | ✓ | 404 | +| **12.7.1** | [ADDED] Verify that the application proactively releases system resources, such as database connections, open files, threads, etc, when it finishes using them to prevent resource exhaustion. | | ✓ | ✓ | 404 | ## References
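Review bot: in the first hunk (0x15-V7-Error-Logging.md), the new **7.4.4** row arrives with an empty CWE column, while its siblings 7.4.1, 7.4.2 and 7.4.3 each carry a CWE (210, 544, 431). The blank is carried over from the old 12.7.1 row rather than decided for the new home; before merge, either assign a CWE for the circuit-breaker / external-resource-failure requirement or note in the issue that the column is intentionally left empty, so the table does not look half-filled.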
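Review bot: in the second hunk (0x20-V12-Files-Resources.md), the identifier **12.7.1** is reused for a different requirement: the old 12.7.1 (external resource failure, now 7.4.4) is removed and the former 12.7.2 (releasing system resources, CWE 404) is renumbered to 12.7.1. Any cross-reference, mapping or tracking sheet that already cites 12.7.1 or 12.7.2 from earlier drafts will now point at the wrong requirement; either keep 12.7.2 as-is and leave 12.7.1 vacant, or grep the 5.0 tree for both ids and record the renumbering in the linked issue.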