category correction, 1.4.6 to 14.7.2, #1352 Q5 + #1974 (comment)
Elar Lang authored and tghosth committed Sep 3, 2024
1 parent 9e13925 commit fdce968
Showing 2 changed files with 1 addition and 1 deletion.
1 change: 0 additions & 1 deletion 5.0/en/0x10-V1-Architecture.md
Expand Up @@ -47,7 +47,6 @@ This is a placeholder for future architectural requirements.
| **1.4.3** | [DELETED, DUPLICATE OF 4.1.3] | | | | |
| **1.4.4** | Verify the application uses a single and well-vetted access control mechanism for accessing protected data and resources. All requests must pass through this single mechanism to avoid copy and paste or insecure alternative paths. | ||| 284 |
| **1.4.5** | [GRAMMAR] Verify that attribute or feature-based access control is used whereby the code checks the user's authorization for a feature or data item rather than just their role. Permissions should still be allocated using roles. | ||| 275 |
| **1.4.6** | [ADDED] Verify that communications between back-end application components, including APIs, middleware and data layers, are performed with the least necessary privileges. | ||| 272 |

## V1.5 Input and Output Architecture
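
Review bot: The 1.4.6 row is removed outright, while the retired 1.4.3 in the same table keeps a placeholder row (`[DELETED, DUPLICATE OF 4.1.3]`). Consider leaving a row such as `| **1.4.6** | [MOVED TO 14.7.2] | | | | |` so that anything already referencing 1.4.6 can be traced to its new location. If the ID only ever existed in the 5.0 draft (the row is tagged `[ADDED]`) and draft renumbering is deliberately not tracked, it would help to say so in the commit message.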

1 change: 1 addition & 0 deletions 5.0/en/0x22-V14-Config.md
Expand Up @@ -102,6 +102,7 @@ Configurations for production should be hardened to protect against common attac
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **14.7.1** | [GRAMMAR, MOVED FROM 12.6.1] Verify that the web or application server is configured with an allow list of resources or systems to which the server can send requests or load data or files from. |||| 918 |
| **14.7.2** | [ADDED] Verify that communications between back-end application components, including APIs, middleware and data layers, are performed with the least necessary privileges. | ||| 272 |

## References
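
Review bot: The new 14.7.2 row is tagged only `[ADDED]`, although its text is identical to the 1.4.6 row removed from 0x10-V1-Architecture.md, and the row directly above records its origin as `MOVED FROM 12.6.1`. If moves within the draft are meant to be traceable, note the previous ID in the tag here as well. The level cells were also carried over as `| |||` where 14.7.1 uses `||||`; normalising the spacing keeps the table source consistent.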
