Proposition for fixing broken/improving links (#686)

* As stated on enzoic.com: "PasswordPing is now Enzoic!"

* Add references to other OWASP resources

webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc

@@ -34,5 +34,7 @@ This of course can be checked or expanded beyond GET methods to view data, but t
 Before we go on to practice, here's some good reading on Insecure Direct Object References:
 
 * https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)
+* https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control
+* https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html
 * https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
 * http://cwe.mitre.org/data/definitions/639.html

webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_1.adoc

@@ -7,4 +7,4 @@ NIST develops Federal Information Processing Standards (FIPS) which the Secretar
 NIST also provides guidance documents and recommendations through its Special Publications (SP) 800-series.
 These guidelines often become the foundation for best practice recommendations across the security industry and are incorporated into other standards.
 
-(Description from https://www.passwordping.com/surprising-new-password-guidelines-nist/)
+(Description from https://www.enzoic.com/surprising-password-guidelines-nist/)