Proposition for fixing broken/improving links (#686)

* As stated on enzoic.com: "PasswordPing is now Enzoic!" * Add references to other OWASP resources
2019-10-16 17:29:27 +02:00 · 2019-10-16 17:29:27 +02:00 · 9fdbbf69d6
commit 9fdbbf69d6
parent 1f00d461a8
2 changed files with 3 additions and 1 deletions
--- a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc
+++ b/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc
@ -34,5 +34,7 @@ This of course can be checked or expanded beyond GET methods to view data, but t
 Before we go on to practice, here's some good reading on Insecure Direct Object References:

 * https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)
+* https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control
+* https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html
 * https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
 * http://cwe.mitre.org/data/definitions/639.html
--- a/webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_1.adoc
+++ b/webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_1.adoc
@ -7,4 +7,4 @@ NIST develops Federal Information Processing Standards (FIPS) which the Secretar
 NIST also provides guidance documents and recommendations through its Special Publications (SP) 800-series.
 These guidelines often become the foundation for best practice recommendations across the security industry and are incorporated into other standards.

-(Description from https://www.passwordping.com/surprising-new-password-guidelines-nist/)
+(Description from https://www.enzoic.com/surprising-password-guidelines-nist/)