#1920 move v4.0.3-1.14.6 to web frontend security paragraph (#1921)
Co-authored-by: Elar Lang <[email protected]>
elarlang and Elar Lang authored Apr 4, 2024
1 parent a88c7ab commit 2544338
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion 5.0/en/0x10-V1-Architecture.md
Expand Up @@ -131,7 +131,7 @@ This is a placeholder for future architectural requirements.
| **1.14.3** | [DELETED, DUPLICATE OF 14.2.1] | | | | |
| **1.14.4** | [DELETED, NOT IN SCOPE] | | | | |
| **1.14.5** | [MODIFIED] Verify that application deployments adequately sandbox or isolate at the network level to delay and deter attackers from attacking other applications, especially when they are performing sensitive or dangerous actions such as deserialization. | ||| 265 |
| **1.14.6** | [MODIFIED] Verify the application only uses client-side technologies which are still supported and considered secure. Examples of technologies which do not meet this requirement include NSAPI plugins, Flash, Shockwave, ActiveX, Silverlight, NACL, or client-side Java applets. | | || 477 |
| **1.14.6** | [MOVED TO 50.7.2] | | | | |
| **1.14.7** | [MODIFIED, MOVED FROM 1.2.1] Verify the use of unique or special low-privilege operating system accounts for all back-end application components, services, and servers. | ||| 250 |
| **1.14.8** | [ADDED] Verify that the application is able to discern and utilizes the user's true IP address to provide for sensitive functions, including rate limiting and logging. | ||| 348 |

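Review bot: The replacement 1.14.6 row is a bare "[MOVED TO 50.7.2]" pointer, and this commit touches only two files, so anything that still addresses this requirement by its old number (mappings, cross-references in other chapters) is not updated here and should be checked before merge. The pointer itself matches the style of the neighbouring placeholder rows such as "[DELETED, DUPLICATE OF 14.2.1]", with empty level and CWE cells, so the row format is fine as it stands.
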
1 change: 1 addition & 0 deletions 5.0/en/0x50-V50-Web-Frontend-Security.md
Expand Up @@ -66,6 +66,7 @@ it may need other separate section for "end-user protection via UI"
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **50.7.1** | [ADDED, SPLIT FROM 5.1.5] Verify that the application shows a notification when the user is being redirected to a URL outside of the application's control, with an option to cancel the navigation. | | || |
| **50.7.2** | [MODIFIED, MOVED FROM 1.14.6] Verify the application only uses client-side technologies which are still supported and considered secure. Examples of technologies which do not meet this requirement include NSAPI plugins, Flash, Shockwave, ActiveX, Silverlight, NACL, or client-side Java applets. | ||| 477 |

## References

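Review bot: In the added 50.7.2 row the cells between the description and CWE 477 are written "| ||| 477 |", while the removed 1.14.6 row had "| | || 477 |"; since the commit is described as a move, please confirm the L1/L2/L3 applicability was carried over unchanged and not altered by the different cell layout. Two wording points while the row is being touched: 50.7.1 directly above reads "Verify that the application ...", whereas this row reads "Verify the application only uses ...", and "NACL" is normally written "NaCl" for Native Client.
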
