From 635a67e22e5748fb13828ffc4beaa70a2cc5b0fd Mon Sep 17 00:00:00 2001 From: Elar Lang Date: Mon, 25 Oct 2021 12:16:35 +0300 Subject: [PATCH] update 11.1.4 description (#971) --- 4.0/en/0x19-V11-BusLogic.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/4.0/en/0x19-V11-BusLogic.md b/4.0/en/0x19-V11-BusLogic.md index cb1a1f6ed9..06f0145e74 100644 --- a/4.0/en/0x19-V11-BusLogic.md +++ b/4.0/en/0x19-V11-BusLogic.md 
@@ -17,7 +17,7 @@ Business logic security is so individual to every application that no one checkl | **11.1.1** | Verify the application will only process business logic flows for the same user in sequential step order and without skipping steps.| ✓ | ✓ | ✓ | 841 | | **11.1.2** | Verify the application will only process business logic flows with all steps being processed in realistic human time, i.e. transactions are not submitted too quickly.| ✓ | ✓ | ✓ | 799 | | **11.1.3** | Verify the application has appropriate limits for specific business actions or transactions which are correctly enforced on a per user basis. | ✓ | ✓ | ✓ | 770 | -| **11.1.4** | Verify the application has sufficient anti-automation controls to detect and protect against data exfiltration, excessive business logic requests, excessive file uploads or denial of service attacks. | ✓ | ✓ | ✓ | 770 | +| **11.1.4** | Verify that application has anti-automation controls to protect against excessive calls such as mass data exfiltration, business logic requests, file uploads or denial of service attacks. | ✓ | ✓ | ✓ | 770 | | **11.1.5** | Verify the application has business logic limits or validation to protect against likely business risks or threats, identified using threat modeling or similar methodologies. | ✓ | ✓ | ✓ | 841 | | **11.1.6** | Verify the application does not suffer from "Time Of Check to Time Of Use" (TOCTOU) issues or other race conditions for sensitive operations. | | ✓ | ✓ | 367 | | **11.1.7** | Verify the application monitors for unusual events or activity from a business logic perspective. For example, attempts to perform actions out of order or actions which a normal user would never attempt. ([C9](https://owasp.org/www-project-proactive-controls/#div-numbering)) | | ✓ | ✓ | 754 |
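Review bot: the new 11.1.4 text drops the article in "Verify that application has anti-automation controls", which also breaks the phrasing every neighbouring requirement in this table uses ("Verify the application ..."); suggest "Verify that the application has anti-automation controls to protect against excessive calls, such as mass data exfiltration, business logic requests, file uploads, or denial of service attacks." Two further points on the same line: the list now puts outcomes (mass data exfiltration, denial of service) and request types (business logic requests, file uploads) under one "excessive calls such as" head, so a reader cannot tell whether a DoS attack is an example of a call or of what the controls should prevent; and the old wording's "detect and protect" has become "protect" only. If the detection half is considered covered by 11.1.7 (monitoring for unusual business logic activity), that is defensible, but it should be a deliberate choice rather than a side effect of the rewording; otherwise keep "detect and protect against". CWE 770 is unchanged and still fits the throttling intent.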