diff --git a/owasp-top10-2017-apps/a10/games-irados/README.md b/owasp-top10-2017-apps/a10/games-irados/README.md index 46d970aa7..196d5cc92 100644 --- a/owasp-top10-2017-apps/a10/games-irados/README.md +++ b/owasp-top10-2017-apps/a10/games-irados/README.md @@ -152,7 +152,7 @@ However, we can also confirm that little information is being logged at the serv ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * Receive a `200 OK` to every and any request done diff --git a/owasp-top10-2017-apps/a2/insecure-go-project/README.md b/owasp-top10-2017-apps/a2/insecure-go-project/README.md index 3c8e95cfa..bf4b91f73 100644 --- a/owasp-top10-2017-apps/a2/insecure-go-project/README.md +++ b/owasp-top10-2017-apps/a2/insecure-go-project/README.md @@ -65,7 +65,7 @@ Using this credentials to access local MongoDB, it was possible to check that th ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * Find sensitive information (such as passwords or usernames) hardcoded. diff --git a/owasp-top10-2017-apps/a2/saidajaula-monster/README.md b/owasp-top10-2017-apps/a2/saidajaula-monster/README.md index bad7b2d4b..e7aced6b5 100644 --- a/owasp-top10-2017-apps/a2/saidajaula-monster/README.md +++ b/owasp-top10-2017-apps/a2/saidajaula-monster/README.md @@ -126,7 +126,7 @@ curl -v --cookie "sessionId=eyJwZXJtaXNzYW8iOiAxLCAidXNlcm5hbWUiOiAiZGFuaWVsIn0u ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * Log in as admin or any other user, rather than himself, by modifying the session cookie. 
diff --git a/owasp-top10-2017-apps/a3/snake-pro/README.md b/owasp-top10-2017-apps/a3/snake-pro/README.md index e0d0578cc..bfbef9605 100644 --- a/owasp-top10-2017-apps/a3/snake-pro/README.md +++ b/owasp-top10-2017-apps/a3/snake-pro/README.md @@ -102,7 +102,7 @@ sudo tcpdump -i lo0 -X host localhost | grep -C 2 pass --color ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * Capture sensitive information by sniffing on network packages. * Bonus: What about using HTTPS? diff --git a/owasp-top10-2017-apps/a4/vinijr-blog/README.md b/owasp-top10-2017-apps/a4/vinijr-blog/README.md index 81b9835df..eb6a0307a 100644 --- a/owasp-top10-2017-apps/a4/vinijr-blog/README.md +++ b/owasp-top10-2017-apps/a4/vinijr-blog/README.md @@ -110,7 +110,7 @@ curl -d @evilxml.xml localhost:10080/contact.php ; echo ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * Extract data from the server through the method shown above. diff --git a/owasp-top10-2017-apps/a5/ecommerce-api/README.md b/owasp-top10-2017-apps/a5/ecommerce-api/README.md index c61844cc4..41b1f8c7c 100644 --- a/owasp-top10-2017-apps/a5/ecommerce-api/README.md +++ b/owasp-top10-2017-apps/a5/ecommerce-api/README.md @@ -103,7 +103,7 @@ curl -vvv http://localhost:8888/ticket/GUID ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * Access other users' tickets. diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/README.md b/owasp-top10-2017-apps/a6/misconfig-wordpress/README.md index 737981e8b..149fd8f1b 100644 
--- a/owasp-top10-2017-apps/a6/misconfig-wordpress/README.md +++ b/owasp-top10-2017-apps/a6/misconfig-wordpress/README.md @@ -200,7 +200,7 @@ Now, by doing the following curl command to check the HTTP headers of the applic ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * See verbose error messages * Log in with default credentials diff --git a/owasp-top10-2017-apps/a6/stegonography/README.md b/owasp-top10-2017-apps/a6/stegonography/README.md index 49c398636..80f64996b 100644 --- a/owasp-top10-2017-apps/a6/stegonography/README.md +++ b/owasp-top10-2017-apps/a6/stegonography/README.md @@ -119,7 +119,7 @@ Even though we still don't know which NodeJS version is currently running, we've ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * See error stack traces * Log in with default credentials diff --git a/owasp-top10-2017-apps/a7/gossip-world/README.md b/owasp-top10-2017-apps/a7/gossip-world/README.md index 16eeb2c4a..3b207e748 100644 --- a/owasp-top10-2017-apps/a7/gossip-world/README.md +++ b/owasp-top10-2017-apps/a7/gossip-world/README.md @@ -134,7 +134,7 @@ The attacker now gets all the input on the server log, as shown below: ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * Execute scripts through input fields diff --git a/owasp-top10-2017-apps/a8/amarelo-designs/README.md b/owasp-top10-2017-apps/a8/amarelo-designs/README.md index fca6e4b15..1169e8a1f 100644 --- a/owasp-top10-2017-apps/a8/amarelo-designs/README.md 
+++ b/owasp-top10-2017-apps/a8/amarelo-designs/README.md @@ -150,7 +150,7 @@ $ nc localhost 9051 ## Secure this app -How would you migitate this vulnerability? After your changes, an attacker should not be able to: +How would you mitigate this vulnerability? After your changes, an attacker should not be able to: * Execute code remotely through a serialization vulnerability
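
Review bot: In the a10/games-irados hunk, the unchanged bullet directly after the corrected sentence, "Receive a `200 OK` to every and any request done", still reads awkwardly and leaves the goal vague. Since this commit is a wording pass over that section, consider rewording it in the same change, for example "Receive a `200 OK` for every request made".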
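
Review bot: The `@@` context line of the a2/insecure-go-project hunk shows another grammar slip a few lines above the fix: "Using this credentials to access local MongoDB". It should read "Using these credentials", and it would fit in this same typo commit.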
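
Review bot: In the a2/saidajaula-monster hunk, the trailing context bullet says "Log in as admin or any other user, rather than himself, by modifying the session cookie." The "rather than himself" clause is gendered and hard to parse. Suggest "Log in as admin or as any user other than themselves by modifying the session cookie."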
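
Review bot: In the a3/snake-pro hunk, the context bullet after the corrected line reads "Capture sensitive information by sniffing on network packages." The term here is "packets", not "packages" (the section above it uses `tcpdump`), so the acceptance criterion is misleading as written. Suggest "Capture sensitive information by sniffing network packets."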
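
Review bot: The a6 hunk for `a6/stegonography/README.md` fixes the sentence but the directory name in the path is itself misspelled ("stegonography" rather than "steganography"). Renaming the directory would change paths and links, so it does not belong in this commit, but it is worth a follow-up issue so the typo pass is complete.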