From 39979bd6520e4dfaf1467151d7e432c3d9942b52 Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Thu, 2 May 2024 12:52:01 +0300 Subject: [PATCH] Resolve #1272 by moving reqs from bus logic to logging (#1945) * Resolve #1272 by moving reqs from bus logic to logging * Remove redundant words --- 5.0/en/0x15-V7-Error-Logging.md | 2 ++ 5.0/en/0x19-V11-BusLogic.md | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/5.0/en/0x15-V7-Error-Logging.md b/5.0/en/0x15-V7-Error-Logging.md index e15e62a400..a4cd347de0 100644 --- a/5.0/en/0x15-V7-Error-Logging.md +++ b/5.0/en/0x15-V7-Error-Logging.md @@ -52,6 +52,8 @@ V7.2 covers OWASP Top 10 2017:A10. As 2017:A10 and this section are not penetrat | **7.2.2** | [MODIFIED] Verify that all access control decisions can be logged and all failed decisions are logged. | | ✓ | ✓ | 285 | | **7.2.3** | [MODIFIED, MOVED FROM 7.1.3] Verify that the application logs security relevant events including deserialization failures, input validation failures and incorrect HTTP requests (including requests with an unexpected HTTP verb). | | ✓ | ✓ | 778 | | **7.2.4** | [MOVED FROM 9.2.5] Verify that backend TLS connection failures are logged. | | | ✓ | 778 | +| **7.2.4** | [MODIFIED, MOVED FROM 11.1.7] Verify that the application monitors for unusual events or activity from a business logic perspective. | | ✓ | ✓ | 754 | +| **7.2.5** | [MODIFIED, MOVED FROM 11.1.8] Verify that the application has configurable alerting when unusual or malicious activity is detected. | | ✓ | ✓ | 390 | ## V7.3 Log Protection diff --git a/5.0/en/0x19-V11-BusLogic.md b/5.0/en/0x19-V11-BusLogic.md index de414b07e2..2abf401532 100644 --- a/5.0/en/0x19-V11-BusLogic.md +++ b/5.0/en/0x19-V11-BusLogic.md 
@@ -20,8 +20,8 @@ Business logic security is so individual to every application that no one checkl | **11.1.4** | [MOVED TO 11.2.2] | | | | | | **11.1.5** | [MODIFIED] Verify that the application has globally defined business logic limits or validation to protect against likely business risks or threats, identified using threat modeling or similar methodologies. | ✓ | ✓ | ✓ | | | **11.1.6** | [MODIFIED] Verify that the application uses synchronization and locking mechanisms for sensitive operations in order to keep internal data consistent, maintain user state, and prevent race conditions, such as 'time of check to time of use (TOCTOU)' vulnerabilities. | | ✓ | ✓ | 367 | -| **11.1.7** | Verify that the application monitors for unusual events or activity from a business logic perspective. For example, attempts to perform actions out of order or actions which a normal user would never attempt. | | ✓ | ✓ | 754 | -| **11.1.8** | Verify that the application has configurable alerting when automated attacks or unusual activity is detected. | | ✓ | ✓ | 390 | +| **11.1.7** | [DELETED, MOVED TO 7.2.4] | | | | | +| **11.1.8** | [DELETED, MOVED TO 7.2.5] | | | | | | **11.1.9** | [ADDED] Verify that "atomic transactions" are being used at the business logic level such that either a business logic operation succeeds in its entirety, or it is rolled back to the previous correct state. | | ✓ | ✓ | | ## V11.2 Anti-automation
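Review bot: The two rows added to 0x15-V7-Error-Logging.md collide with the existing numbering: the table already has `| **7.2.4** | [MOVED FROM 9.2.5] Verify that backend TLS connection failures are logged. |` and the first new row is also numbered `**7.2.4**`, so the section ends up with two different requirements under the same ID. The new rows should be `7.2.5` and `7.2.6` (and the `[MOVED FROM 11.1.7]` / `[MOVED FROM 11.1.8]` tags keep their values). Separately, the moved 11.1.7 text drops the sentence "For example, attempts to perform actions out of order or actions which a normal user would never attempt."; if that was the "redundant words" in the commit message it is fine, but the example was the only concrete guidance on what "unusual from a business logic perspective" means, so consider keeping it in the new 7.2.x row.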
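Review bot: The `[DELETED, MOVED TO 7.2.4]` and `[DELETED, MOVED TO 7.2.5]` placeholders in 0x19-V11-BusLogic.md point at IDs that do not match the V7 table in the same patch, where 7.2.4 is already taken by the backend TLS failure requirement; whatever numbers the moved rows finally get in V7, these two cross-references must be updated in the same commit so the MOVED TO / MOVED FROM pairs stay consistent. Also, the V11 row for 11.1.8 previously read "automated attacks or unusual activity" while the relocated 7.2.x text reads "unusual or malicious activity"; the change in scope is worth a line in the commit message since the 11.2 Anti-automation section still covers automated attacks and readers following the MOVED TO tag will expect the same wording.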