diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ddee2a10..c6a2ff0a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,5 +12,7 @@ jobs: - name: Lint Markdown files uses: avto-dev/markdown-lint@v1 + env: + MARKDOWN_CONFIG_FILE: ".markdownlint.json" with: args: '**/*.md' diff --git a/.markdownlint.json b/.markdownlint.json index 4dd4167b..63421f08 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -6,5 +6,5 @@ "line_length": false, "fenced-code-language": false, "no-emphasis-as-heading": false, - "blanks-around-headings": false + "first-line-heading": false } diff --git a/README.md b/README.md index 446faabf..3484c13e 100644 --- a/README.md +++ b/README.md @@ -149,20 +149,20 @@ Incorrect: Incorrect: -> Throughout the course of the engagement, a critical severity SQL injection was discovered in the web application (www.example.com) which could be used by an attacker to exfiltrate personally identifiable information from the backend database. +> Throughout the course of the engagement, a critical severity SQL injection was discovered in the web application () which could be used by an attacker to exfiltrate personally identifiable information from the backend database. Correct: -> An SQL injection was discovered in www.example.com allowing a malicious attacker to exfiltrate personally identifiable information. +> An SQL injection was discovered in allowing a malicious attacker to exfiltrate personally identifiable information. ### Split Up Long Sentences Incorrect: -> An SQL injection was discovered in www.example.com allowing a malicious attacker to exfiltrate personally identifiable information including email addresses which would be considered a GDPR violation and poses a considerable business risk. +> An SQL injection was discovered in allowing a malicious attacker to exfiltrate personally identifiable information including email addresses which would be considered a GDPR violation and poses a considerable business risk. Correct: -> An SQL injection was discovered in www.example.com allowing a malicious attacker to exfiltrate personally identifiable information. The retrievable data includes passwords, email addresses and full names. This poses a GDPR violation and considerable business risk. +> An SQL injection was discovered in allowing a malicious attacker to exfiltrate personally identifiable information. The retrievable data includes passwords, email addresses and full names. This poses a GDPR violation and considerable business risk. ## Acronyms @@ -184,7 +184,7 @@ Incorrect: pen test, PenTest, Pen Test ## A vs. An -"An" should be used when the next word starts with a consonant _sound_. Otherwise, "A" should be used. +"An" should be used when the next word starts with a consonant *sound*. Otherwise, "A" should be used. Correct: diff --git a/methodology/notes/website_testing/information.md b/methodology/notes/website_testing/information.md index 4c070a90..9ebaedcd 100644 --- a/methodology/notes/website_testing/information.md +++ b/methodology/notes/website_testing/information.md @@ -1,16 +1,19 @@ # Information gathering and Reconnaisance ## Tools used + ## Attack Surface Summary + ## What is done well + diff --git a/spec/bugcrowd_templates_spec.rb b/spec/bugcrowd_templates_spec.rb index 8c993e08..c0d46284 100644 --- a/spec/bugcrowd_templates_spec.rb +++ b/spec/bugcrowd_templates_spec.rb @@ -70,7 +70,7 @@ let!(:file_name) { 'template' } it 'returns the bugcrowd template value as string' do - is_expected.to include('# Outdated Software Version') + is_expected.to include('Outdated Software Version') end context 'when file_name with multiple options' do @@ -78,7 +78,7 @@ let!(:file_name) { 'template' } it 'returns the bugcrowd template value as string' do - is_expected.to include('# Outdated Software Version') + is_expected.to include('Outdated Software Version') end end @@ -113,7 +113,7 @@ let!(:file_name) { 'template' } it 'returns the bugcrowd template value as string' do - is_expected.to include('# Outdated Software Version') + is_expected.to include('Outdated Software Version') end end @@ -159,7 +159,7 @@ let!(:file_name) { 'template' } it 'returns the template defined in the subcategory folder' do - is_expected.to include('# Clickjacking') + is_expected.to include('Clickjacking') end end @@ -170,7 +170,7 @@ let!(:file_name) { 'template' } it 'returns the template defined in the subcategory folder' do - is_expected.to include('# Clickjacking') + is_expected.to include('Clickjacking') end end @@ -181,7 +181,7 @@ let!(:file_name) { 'template' } it 'returns the template defined in the subcategory folder' do - is_expected.to include('# Outdated Software Version') + is_expected.to include('Outdated Software Version') end end diff --git a/submissions/description/lack_of_binary_hardening/lack_of_jailbreak_detection/recommendations.md b/submissions/description/lack_of_binary_hardening/lack_of_jailbreak_detection/recommendations.md index 0c64985c..4ad50dfb 100644 --- a/submissions/description/lack_of_binary_hardening/lack_of_jailbreak_detection/recommendations.md +++ b/submissions/description/lack_of_binary_hardening/lack_of_jailbreak_detection/recommendations.md @@ -1,4 +1,5 @@ # Recommendation(s) + It is recommended to implement exploit mitigation controls within the application that prevent an attacker from analyzing, reverse engineering, or performing unauthorized code modifications. This can include leveraging jailbreak detection frameworks and libraries specifically designed to identify jailbroken (or rooted Android) devices. A good framework will monitor the runtime environment and check for the presence of known jailbreak files and directories. For further information, please refer to: diff --git a/submissions/description/server_side_injection/ldap_injection/template.md b/submissions/description/server_side_injection/ldap_injection/template.md index 124fa7cd..5d9615fd 100644 --- a/submissions/description/server_side_injection/ldap_injection/template.md +++ b/submissions/description/server_side_injection/ldap_injection/template.md @@ -1,5 +1,6 @@ #### Business Impact + LDAP injection vulnerabilities can lead to reputational damage through the impact to customers’ trust, or to regulatory fines due to an attacker’s unauthorized access to data. The severity of the impact to the business is dependent on the sensitivity of the data being stored in, and transmitted by the application. #### Steps to Reproduce