Update 0x13-V5-Validation-Sanitization-Encoding.md
whitelist to allowlist
jmanico committed Oct 24, 2021
1 parent 3267961 commit d1e2cf4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion 4.0/en/0x13-V5-Validation-Sanitization-Encoding.md
Expand Up @@ -95,7 +95,7 @@ The following requirements will only apply when the application uses a systems l
| :---: | :--- | :---: | :---:| :---: | :---: |
| **5.5.1** | [DELETED] | | | | |
| **5.5.2** | Verify that the application correctly restricts XML parsers to only use the most restrictive configuration possible and to ensure that unsafe features such as resolving external entities are disabled to prevent XML eXternal Entity (XXE) attacks. |||| 611 |
| **5.5.3** | [MODIFIED] Verify that deserialization is not used when communicating with untrusted clients. If this is not possible, ensure that deserialization is performed safely, for example, by only allowing a white-list of object types or not allowing the client to define the object type to deserialize to, in order to prevent deserialization attacks. |||| 502 |
| **5.5.3** | [MODIFIED] Verify that deserialization is not used when communicating with untrusted clients. If this is not possible, ensure that deserialization is performed safely, for example, by only allowing a allow-list of object types or not allowing the client to define the object type to deserialize to, in order to prevent deserialization attacks. |||| 502 |
| **5.5.4** | Verify that when parsing JSON in browsers or JavaScript-based backends, JSON.parse is used to parse the JSON document. Do not use eval() to parse JSON. |||| 95 |

## References
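
Review bot: In the new 5.5.3 row the article was not updated along with the noun, so the text now reads "a allow-list"; it should be "an allow-list". The commit message says "allowlist" while the row uses the hyphenated "allow-list", so settle on one spelling and use it in both places. The row already carries the [MODIFIED] tag, so no further marker is needed for this wording change.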