Commit

Fixed typo
MichielDeMey authored Dec 20, 2023
1 parent 19a566f commit 238aae5
Showing 2 changed files with 3 additions and 3 deletions.
Expand Up @@ -16,7 +16,7 @@ In short, the following principles should be followed to defend against CSRF:
- **First, check if your framework has [built-in CSRF protection](#use-built-in-or-existing-csrf-implementations-for-csrf-protection) and use it**
- **If the framework does not have built-in CSRF protection, add [CSRF tokens](#token-based-mitigation) to all state changing requests (requests that cause actions on the site) and validate them on the backend**
- **Stateful software should use the [synchronizer token pattern](#synchronizer-token-pattern)**
- **Stateless software shoud use [double submit cookies](#double-submit-cookie)**
- **Stateless software should use [double submit cookies](#double-submit-cookie)**
- **If an API-driven site can't use `<form>` tags, consider [using custom request headers](#custom-request-headers)**
- **Implement at least one mitigation from [Defense in Depth Mitigations](#defense-in-depth-techniques) section**
- **[SameSite Cookie Attribute](#samesite-cookie-attribute) can be used for session cookies** but be careful to NOT set a cookie specifically for a domain. This action introduces a security vulnerability because all subdomains of that domain will share the cookie, and this is particularly an issue if a subdomain has a CNAME to domains not in your control.
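
Review bot: The SameSite bullet in the trailing context of this hunk tells readers to "NOT set a cookie specifically for a domain", which is ambiguous because every cookie belongs to some domain; the rest of the sentence (all subdomains sharing the cookie) shows it means the cookie's Domain attribute. Since this commit is already cleaning up the list, suggest rewording to "do not set the Domain attribute on the cookie". In the bullet above it, "from [Defense in Depth Mitigations](#defense-in-depth-techniques) section" is missing "the", and the link text does not match the anchor name.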
4 changes: 2 additions & 2 deletions cheatsheets/Java_Security_Cheat_Sheet.md
Expand Up @@ -749,7 +749,7 @@ class App {

KeysetHandle bobPublicKey = bob.getPublicKey();

// This keypair generation shoud be reperformed every so often in order to
// This keypair generation should be reperformed every so often in order to
// obtain a new shared secret to avoid a long lived shared secret.

// Alice encrypts a message to send to Bob
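
Review bot: The corrected comment still reads awkwardly: "reperformed" and the unhyphenated "long lived" remain on the two comment lines. Suggest something like "This key pair generation should be repeated periodically to obtain a new shared secret and avoid a long-lived one."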
Expand Down Expand Up @@ -868,7 +868,7 @@ class Main {
var bob = new ECDHSimple();
Key bobPublicKey = bob.getPublicKey();

// This keypair generation shoud be reperformed every so often in order to
// This keypair generation should be reperformed every so often in order to
// obtain a new shared secret to avoid a long lived shared secret.

// Alice encrypts a message to send to Bob
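
Review bot: "every so often" in this comment gives the reader no criterion for when to regenerate the key pair, and the identical two-line comment also appears in the hunk at line 749. Suggest stating the intended trigger (per session or after a fixed interval, whichever the cheat sheet means) and keeping the wording the same in both examples.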