Gabriel M. Schuyler 2020-12-03 07:23:23 -06:00 committed by GitHub
parent 69c19d19d4
commit b1495a8cd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 13 additions and 15 deletions

View File

@ -1,8 +1,6 @@
== What is XSS?
Cross-Site Scripting (also commonly known as XSS) is a vulnerability/flaw that combines ...
# the allowance of html/script tags as input that are ...
# rendered into a browser without encoding or sanitization
Cross-Site Scripting (also commonly known as XSS) is a vulnerability/flaw that combines the allowance of html/script tags as input that are rendered into a browser without encoding or sanitization
=== Cross-Site Scripting (XSS) is the most prevalent and pernicious web application security issue
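Review bot: the merged definition line still ends without a period and keeps the awkward "combines the allowance of html/script tags as input that are rendered" construction; since the line is being rewritten anyway, suggest "Cross-Site Scripting (commonly known as XSS) is a vulnerability in which HTML or script tags supplied as input are rendered by the browser without encoding or sanitization." That also drops the redundant "vulnerability/flaw" pairing and capitalizes HTML as an acronym.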
@ -16,7 +14,7 @@ And if not properly protected, sensitive data (such as your authentication cooki
==== Quick examples:
* From the JavaScript console in the developer tools of the browser (chrome, Firefox)
* From the JavaScript console in the developer tools of the browser (Chrome, Firefox)
+
----
alert("XSS Test");
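Review bot: the listing that follows the `+` continuation is JavaScript but sits in an untyped `----` block; adding a `[source,javascript]` attribute line above the `----` would enable syntax highlighting and make it clear the snippet is meant to be typed into the browser console. The "chrome" to "Chrome" capitalization fix itself is fine.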

View File

@ -2,6 +2,6 @@
== Post quantum cryptography
Quantum computers are here and getting more power in available qubits each year. Quantum computers are and will be capable of decrypting information that was encrypted with algorithms that were thought to be safe. For some years now, a lot of encrypted communicatation using quantum vulnerable cryptoraphy is being recorded. This information will be decrypted when the quantum computers are powerful enough. Even tough the information may be old, it still could contain valuable information that can be misused. Besides the fact that some private information will be known to parties it was not intended for.
Quantum computers are here and getting more power in available qubits each year. Quantum computers are and will be capable of decrypting information that was encrypted with algorithms that were thought to be safe. For some years now, a lot of encrypted communicatation using quantum vulnerable cryptoraphy is being recorded. This information will be decrypted when the quantum computers are powerful enough. Even though the information may be old, it still could contain valuable information that can be misused. Besides the fact that some private information will be known to parties it was not intended for.
Mathematics has answers for the post quantum era. New cryptography is already available and should be used NOW in order to minimize threads. You can read more on this on Wikipedia https://en.wikipedia.org/wiki/Post-quantum_cryptography[Post quatum on Wikipedia,window=_blank]
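Review bot: the hunk fixes "tough" but leaves two other misspellings in the same sentence, "communicatation" and "cryptoraphy", and the unchanged next line still reads "minimize threads" (should be "threats") and "Post quatum" in the link text (should be "Post quantum"); all of these belong in the same typo commit. Separately, the opening claim that quantum computers "are ... capable of decrypting information" overstates the current state of the art: no existing quantum computer can break RSA or elliptic-curve keys at deployed sizes, and the real risk this paragraph goes on to describe is the harvest-now, decrypt-later scenario, so "are expected to become capable" would be accurate. "Besides the fact that ..." is also a sentence fragment that should be joined to the preceding sentence.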

View File

@ -1,7 +1,7 @@
== Blind SQL injection
Blind SQL injection is a type of SQL injection attack that asks the database true or false
questions and determines the answer based on the applications response. This attack is often used when the web
questions and determines the answer based on the application's response. This attack is often used when the web
application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL
injection.
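Review bot: the possessive fix is correct; while in this paragraph, "has not mitigated the code that is vulnerable to SQL injection" is awkward, since one mitigates a vulnerability rather than code, so "but has not fixed the code that is vulnerable to SQL injection" reads better. "true or false questions" should also be hyphenated as "true-or-false questions", since it is used as a compound modifier.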

View File

@ -1,6 +1,6 @@
== What is SQL injection?
SQL injections are the most common web hacking techniques. *A SQL injection attack consists of insertion or "injection" of malicious code via the SQL query input from the client to the application.* If not dealt with correctly, such an injection of code into the application can have an serious impact on e.g. data integrity and security.
SQL injections are the most common web hacking techniques. *A SQL injection attack consists of insertion or "injection" of malicious code via the SQL query input from the client to the application.* If not dealt with correctly, such an injection of code into the application can have a serious impact on e.g. data integrity and security.
SQL injections can occur, when unfiltered data from the client, e.g. the input of a search field, gets into the SQL interpreter of the application itself. If the input from the client does not get checked for containing SQL commands, hackers can easily manipulate the underlying SQL statement to their advantage. +
Per example if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL query and that way can be used to chain them).
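Review bot: "a serious impact" is correct, but the same paragraph still has "SQL injections can occur, when unfiltered data" (stray comma before "when"), and the following line opens with "Per example", which should be "For example". The opening claim that SQL injections "are the most common web hacking techniques" is asserted without a source; "one of the most common" is safer unless the lesson cites a ranking.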
@ -11,7 +11,7 @@ Per example if the input is not filtered for SQL metacharacters like *--* (comme
Think of a web application, that allows to display user information, by typing a username into an input field.
The input will then be sent to the server and gets inserted into a SQL query which then is processed by an SQL interpreter.
The input will then be sent to the server and gets inserted into a SQL query which then is processed by a SQL interpreter.
The SQL query to retrieve the user information from the database looks like that: +
-------------------------------------------------------
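Review bot: "a SQL interpreter" is consistent with "a SQL query" on the preceding line and "A SQL injection attack" earlier in the file, so the article change is right. The unchanged lines around it could use the same pass: "a web application, that allows to display user information, by typing a username" has two stray commas and "allows to display" is ungrammatical (suggest "a web application that displays user information when a username is typed into an input field"), and "looks like that:" introducing the listing should be "looks like this:".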

View File

@ -3,7 +3,7 @@ This lesson describes the steps needed to add a new lesson to WebGoat. In genera
- Write the content, in WebGoat we use AsciiDoc as a format.
- Create a lesson class
- Write html glue page so WebGoat knows how the content should be displayed
- Add one of more assignments within the lesson
- Add one or more assignments within the lesson
Let's see how to create a new lesson.
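Review bot: "one or more" is right. The list item above it, "Write html glue page so WebGoat knows how the content should be displayed", is missing an article and should capitalize the acronym: "Write an HTML glue page ...". The first item, "Write the content, in WebGoat we use AsciiDoc as a format.", is a comma splice; a semicolon or parentheses ("Write the content (WebGoat uses AsciiDoc)") would fix it.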

View File

@ -10,10 +10,10 @@ image::images/wolf-enabled.png[width=115,height=128]
{nbsp}
Even if the icon is present your are not obliged to use WebWolf, you can also use any intercepting tool you like.
Even if the icon is present, you are not obliged to use WebWolf, you can also use any intercepting tool you like.
(`netcat` etc.)
WebWolf is a separate web application which simulates an attackers machine. It makes it possible for us to
WebWolf is a separate web application which simulates an attacker's machine. It makes it possible for us to
make a clear distinction between what takes place on the attacked website and the actions you need to do as
an "attacker". WebWolf was introduced after a couple of workshops where we received feedback that there
was no clear distinction between what was part of the "attackers" role and what was part of the "users" role on the
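Review bot: the "attacker's machine" possessive fix should be carried through to the unchanged lines at the end of this hunk, where the quoted "attackers" role and "users" role need the same treatment ("attacker's" role, "user's" role). Also, "(`netcat` etc.)" is left dangling on its own line after "any intercepting tool you like."; folding it into the preceding sentence avoids it rendering as a separate paragraph fragment.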