fix: Authentication Cheat Sheet: Correct grammar and markdown style

[philCryoport]

Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.

:triangular_flag_on_post: If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.

✅ Ran the text through Grammarly on the most relaxed setting, made changes accordingly

Please make sure that for your contribution:

• [N/A] In case of a new Cheat Sheet, you have used the Cheat Sheet template.
• [✅] All the markdown files do not raise any validation policy violation, see the policy.
• [✅] All the markdown files follow these format rules.
• [✅] All your assets are stored in the assets folder.
• [✅] All the images used are in the PNG format.
• [✅] Any references to websites have been formatted as [TEXT](URL)
• [✅] You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
• [✅] The CI build of your PR pass, see the build status here.

If your PR is related to an issue, please finish your PR text with the following line: N/A

Thank you again for your contribution :smiley:

[philCryoport]

Question:

I followed the local build instructions and ran:

make install-python-requirements
make generate-site
make serve  # Binds port 8000

...and it made a TON of changes to /Index.md even though I only changed the Authentication Cheat Sheet. Should I be adding to this PR those changes?

git diff output for `Index.md`

diff --git a/Index.md b/Index.md index 504b52d9..9c7d03aa 100644 --- a/Index.md +++ b/Index.md @@ -1,10 +1,10 @@ -# Introduction +# Index Alphabetical -**64** cheat sheets available. +**89** cheat sheets available. *Icons beside the cheat sheet name indicate in which language(s) code snippet(s) are provided.* -[A](Index.md#a) [B](Index.md#b) [C](Index.md#c) [D](Index.md#d) [E](Index.md#e) [F](Index.md#f) [H](Index.md#h) [I](Index.md#i) [J](Index.md#j) [K](Index.md#k) [L](Index.md#l) [M](Index.md#m) [N](Index.md#n) [O](Index.md#o) [P](Index.md#p) [Q](Index.md#q) [R](Index.md#r) [S](Index.md#s) [T](Index.md#t) [U](Index.md#u) [V](Index.md#v) [W](Index.md#w) [X](Index.md#x) +[A](Index.md#a) [B](Index.md#b) [C](Index.md#c) [D](Index.md#d) [E](Index.md#e) [F](Index.md#f) [G](Index.md#g) [H](Index.md#h) [I](Index.md#i) [J](Index.md#j) [K](Index.md#k) [L](Index.md#l) [M](Index.md#m) [N](Index.md#n) [O](Index.md#o) [P](Index.md#p) [Q](Index.md#q) [R](Index.md#r) [S](Index.md#s) [T](Index.md#t) [U](Index.md#u) [V](Index.md#v) [W](Index.md#w) [X](Index.md#x) ## A @@ -14,27 +14,33 @@ [Authentication Cheat Sheet](cheatsheets/Authentication_Cheat_Sheet.md). -[AJAX Security Cheat Sheet](cheatsheets/AJAX_Security_Cheat_Sheet.md).  +[Authorization Cheat Sheet](cheatsheets/Authorization_Cheat_Sheet.md). + +[AJAX Security Cheat Sheet](cheatsheets/AJAX_Security_Cheat_Sheet.md).  [Abuse Case Cheat Sheet](cheatsheets/Abuse_Case_Cheat_Sheet.md). -[Authorization Testing Automation Cheat Sheet](cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.md).   +[Authorization Testing Automation Cheat Sheet](cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.md).   ## B -[Bean Validation Cheat Sheet](cheatsheets/Bean_Validation_Cheat_Sheet.md).   +[Bean Validation Cheat Sheet](cheatsheets/Bean_Validation_Cheat_Sheet.md).   ## C -[Cross-Site Request Forgery Prevention Cheat Sheet](cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md).  +[CI CD Security Cheat Sheet](cheatsheets/CI_CD_Security_Cheat_Sheet.md). + +[Cross-Site Request Forgery Prevention Cheat Sheet](cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md).  -[Clickjacking Defense Cheat Sheet](cheatsheets/Clickjacking_Defense_Cheat_Sheet.md).   +[Clickjacking Defense Cheat Sheet](cheatsheets/Clickjacking_Defense_Cheat_Sheet.md).   -[Cross Site Scripting Prevention Cheat Sheet](cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md).      +[Cross Site Scripting Prevention Cheat Sheet](cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md).  + +[C-Based Toolchain Hardening Cheat Sheet](cheatsheets/C-Based_Toolchain_Hardening_Cheat_Sheet.md).   [Choosing and Using Security Questions Cheat Sheet](cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.md). -[Content Security Policy Cheat Sheet](cheatsheets/Content_Security_Policy_Cheat_Sheet.md).  +[Content Security Policy Cheat Sheet](cheatsheets/Content_Security_Policy_Cheat_Sheet.md).   [Credential Stuffing Prevention Cheat Sheet](cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.md). @@ -42,21 +48,27 @@ ## D -[Deserialization Cheat Sheet](cheatsheets/Deserialization_Cheat_Sheet.md).    +[Deserialization Cheat Sheet](cheatsheets/Deserialization_Cheat_Sheet.md).    + +[Docker Security Cheat Sheet](cheatsheets/Docker_Security_Cheat_Sheet.md).  -[Docker Security Cheat Sheet](cheatsheets/Docker_Security_Cheat_Sheet.md).  +[Django Security Cheat Sheet](cheatsheets/Django_Security_Cheat_Sheet.md).   + +[Django REST Framework Cheat Sheet](cheatsheets/Django_REST_Framework_Cheat_Sheet.md).  [Database Security Cheat Sheet](cheatsheets/Database_Security_Cheat_Sheet.md). -[DotNet Security Cheat Sheet](cheatsheets/DotNet_Security_Cheat_Sheet.md).      +[DotNet Security Cheat Sheet](cheatsheets/DotNet_Security_Cheat_Sheet.md).     -[DOM based XSS Prevention Cheat Sheet](cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.md).   +[DOM based XSS Prevention Cheat Sheet](cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.md).   [Denial of Service Cheat Sheet](cheatsheets/Denial_of_Service_Cheat_Sheet.md). +[DOM Clobbering Prevention Cheat Sheet](cheatsheets/DOM_Clobbering_Prevention_Cheat_Sheet.md).   + ## E -[Error Handling Cheat Sheet](cheatsheets/Error_Handling_Cheat_Sheet.md).    +[Error Handling Cheat Sheet](cheatsheets/Error_Handling_Cheat_Sheet.md).    ## F @@ -64,53 +76,79 @@ [Forgot Password Cheat Sheet](cheatsheets/Forgot_Password_Cheat_Sheet.md). +## G + +[GraphQL Cheat Sheet](cheatsheets/GraphQL_Cheat_Sheet.md).   + ## H -[HTML5 Security Cheat Sheet](cheatsheets/HTML5_Security_Cheat_Sheet.md).      +[HTTP Headers Cheat Sheet](cheatsheets/HTTP_Headers_Cheat_Sheet.md).    + +[HTML5 Security Cheat Sheet](cheatsheets/HTML5_Security_Cheat_Sheet.md).      [HTTP Strict Transport Security Cheat Sheet](cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md). ## I -[Injection Prevention Cheat Sheet](cheatsheets/Injection_Prevention_Cheat_Sheet.md).  +[Injection Prevention Cheat Sheet](cheatsheets/Injection_Prevention_Cheat_Sheet.md).  + +[Injection Prevention in Java Cheat Sheet](cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.md). -[Injection Prevention in Java Cheat Sheet](cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.md).   +[Input Validation Cheat Sheet](cheatsheets/Input_Validation_Cheat_Sheet.md).  -[Input Validation Cheat Sheet](cheatsheets/Input_Validation_Cheat_Sheet.md).  +[Infrastructure as Code Security Cheat Sheet](cheatsheets/Infrastructure_as_Code_Security_Cheat_Sheet.md). -[Insecure Direct Object Reference Prevention Cheat Sheet](cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md).  +[Insecure Direct Object Reference Prevention Cheat Sheet](cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md). ## J -[JAAS Cheat Sheet](cheatsheets/JAAS_Cheat_Sheet.md).  +[Java Security Cheat Sheet](cheatsheets/Java_Security_Cheat_Sheet.md).   -[JSON Web Token for Java Cheat Sheet](cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.md).     +[JAAS Cheat Sheet](cheatsheets/JAAS_Cheat_Sheet.md).  + +[JSON Web Token for Java Cheat Sheet](cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.md).     ## K [Key Management Cheat Sheet](cheatsheets/Key_Management_Cheat_Sheet.md). +[Kubernetes Security Cheat Sheet](cheatsheets/Kubernetes_Security_Cheat_Sheet.md).   + ## L [Logging Cheat Sheet](cheatsheets/Logging_Cheat_Sheet.md). +[Laravel Cheat Sheet](cheatsheets/Laravel_Cheat_Sheet.md).     + [LDAP Injection Prevention Cheat Sheet](cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md). +[Logging Vocabulary Cheat Sheet](cheatsheets/Logging_Vocabulary_Cheat_Sheet.md). + ## M +[Microservices Security Cheat Sheet](cheatsheets/Microservices_Security_Cheat_Sheet.md). + +[Mobile Application Security Cheat Sheet](cheatsheets/Mobile_Application_Security_Cheat_Sheet.md). + [Multifactor Authentication Cheat Sheet](cheatsheets/Multifactor_Authentication_Cheat_Sheet.md). -[Mass Assignment Cheat Sheet](cheatsheets/Mass_Assignment_Cheat_Sheet.md).     +[Mass Assignment Cheat Sheet](cheatsheets/Mass_Assignment_Cheat_Sheet.md).     [Microservices based Security Arch Doc Cheat Sheet](cheatsheets/Microservices_based_Security_Arch_Doc_Cheat_Sheet.md). ## N -[NodeJS Security Cheat Sheet](cheatsheets/Nodejs_Security_Cheat_Sheet.md).    +[NodeJS Docker Cheat Sheet](cheatsheets/NodeJS_Docker_Cheat_Sheet.md). + +[NPM Security Cheat Sheet](cheatsheets/NPM_Security_Cheat_Sheet.md). + +[Nodejs Security Cheat Sheet](cheatsheets/Nodejs_Security_Cheat_Sheet.md).   + +[Network Segmentation Cheat Sheet](cheatsheets/Network_Segmentation_Cheat_Sheet.md). ## O -[OS Command Injection Defense Cheat Sheet](cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.md).    +[OS Command Injection Defense Cheat Sheet](cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.md).    ## P @@ -120,9 +158,11 @@ [Pinning Cheat Sheet](cheatsheets/Pinning_Cheat_Sheet.md). +[Prototype Pollution Prevention Cheat Sheet](cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.md).  + ## Q -[Query Parameterization Cheat Sheet](cheatsheets/Query_Parameterization_Cheat_Sheet.md).        +[Query Parameterization Cheat Sheet](cheatsheets/Query_Parameterization_Cheat_Sheet.md).        ## R @@ -130,29 +170,37 @@ [REST Assessment Cheat Sheet](cheatsheets/REST_Assessment_Cheat_Sheet.md). -[Ruby on Rails Cheat Sheet](cheatsheets/Ruby_on_Rails_Cheat_Sheet.md).    +[Ruby on Rails Cheat Sheet](cheatsheets/Ruby_on_Rails_Cheat_Sheet.md).    ## S +[Secure Product Design Cheat Sheet](cheatsheets/Secure_Product_Design_Cheat_Sheet.md). + +[Secure Cloud Architecture Cheat Sheet](cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet.md). + [Securing Cascading Style Sheets Cheat Sheet](cheatsheets/Securing_Cascading_Style_Sheets_Cheat_Sheet.md). -[SQL Injection Prevention Cheat Sheet](cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.md).      +[SQL Injection Prevention Cheat Sheet](cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.md).    -[Server Side Request Forgery Prevention Cheat Sheet](cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md).     +[Server Side Request Forgery Prevention Cheat Sheet](cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md).     [SAML Security Cheat Sheet](cheatsheets/SAML_Security_Cheat_Sheet.md). [Session Management Cheat Sheet](cheatsheets/Session_Management_Cheat_Sheet.md). +[Secrets Management Cheat Sheet](cheatsheets/Secrets_Management_Cheat_Sheet.md). + +[Symfony Cheat Sheet](cheatsheets/Symfony_Cheat_Sheet.md).   + ## T [Transaction Authorization Cheat Sheet](cheatsheets/Transaction_Authorization_Cheat_Sheet.md). [TLS Cipher String Cheat Sheet](cheatsheets/TLS_Cipher_String_Cheat_Sheet.md). -[Transport Layer Protection Cheat Sheet](cheatsheets/Transport_Layer_Protection_Cheat_Sheet.md).  +[Transport Layer Protection Cheat Sheet](cheatsheets/Transport_Layer_Protection_Cheat_Sheet.md).  -[Third Party Javascript Management Cheat Sheet](cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.md).   +[Third Party Javascript Management Cheat Sheet](cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.md).   [Threat Modeling Cheat Sheet](cheatsheets/Threat_Modeling_Cheat_Sheet.md). @@ -160,15 +208,15 @@ [User Privacy Protection Cheat Sheet](cheatsheets/User_Privacy_Protection_Cheat_Sheet.md). -[Unvalidated Redirects and Forwards Cheat Sheet](cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md).     +[Unvalidated Redirects and Forwards Cheat Sheet](cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md).     ## V -[Virtual Patching Cheat Sheet](cheatsheets/Virtual_Patching_Cheat_Sheet.md).  +[Virtual Patching Cheat Sheet](cheatsheets/Virtual_Patching_Cheat_Sheet.md).  [Vulnerability Disclosure Cheat Sheet](cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.md). -[Vulnerable Dependency Management Cheat Sheet](cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.md).  +[Vulnerable Dependency Management Cheat Sheet](cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.md).  ## W @@ -176,6 +224,10 @@ ## X -[XML External Entity Prevention Cheat Sheet](cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md).     +[XML External Entity Prevention Cheat Sheet](cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md).     + +[XSS Filter Evasion Cheat Sheet](cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md).   + +[XML Security Cheat Sheet](cheatsheets/XML_Security_Cheat_Sheet.md).    -[XML Security Cheat Sheet](cheatsheets/XML_Security_Cheat_Sheet.md).    +[XS Leaks Cheat Sheet](cheatsheets/XS_Leaks_Cheat_Sheet.md).  

[mackowski]

Question:

I followed the local build instructions and ran:

make install-python-requirements
make generate-site
make serve  # Binds port 8000

...and it made a TON of changes to /Index.md even though I only changed the Authentication Cheat Sheet. Should I be adding to this PR those changes?

git diff output for Index.md diff --git a/Index.md b/Index.md index 504b52d9..9c7d03aa 100644 --- a/Index.md +++ b/Index.md @@ -1,10 +1,10 @@ -# Introduction +# Index Alphabetical -64 cheat sheets available. +89 cheat sheets available.

Icons beside the cheat sheet name indicate in which language(s) code snippet(s) are provided.

-A B C D E F H I J K L M N O P Q R S T U V W X +A B C D E F G H I J K L M N O P Q R S T U V W X

A

@@ -14,27 +14,33 @@

Authentication Cheat Sheet.

-AJAX Security Cheat Sheet. +Authorization Cheat Sheet. + +AJAX Security Cheat Sheet.

Abuse Case Cheat Sheet.

-Authorization Testing Automation Cheat Sheet. +Authorization Testing Automation Cheat Sheet.

B

-Bean Validation Cheat Sheet. +Bean Validation Cheat Sheet.

C

-Cross-Site Request Forgery Prevention Cheat Sheet. +CI CD Security Cheat Sheet. + +Cross-Site Request Forgery Prevention Cheat Sheet.

-Clickjacking Defense Cheat Sheet. +Clickjacking Defense Cheat Sheet.

-Cross Site Scripting Prevention Cheat Sheet. +Cross Site Scripting Prevention Cheat Sheet. + +C-Based Toolchain Hardening Cheat Sheet.

Choosing and Using Security Questions Cheat Sheet.

-Content Security Policy Cheat Sheet. +Content Security Policy Cheat Sheet.

Credential Stuffing Prevention Cheat Sheet.

@@ -42,21 +48,27 @@

D

-Deserialization Cheat Sheet. +Deserialization Cheat Sheet. + +Docker Security Cheat Sheet.

-Docker Security Cheat Sheet. +Django Security Cheat Sheet. + +Django REST Framework Cheat Sheet.

Database Security Cheat Sheet.

-DotNet Security Cheat Sheet. +DotNet Security Cheat Sheet.

-DOM based XSS Prevention Cheat Sheet. +DOM based XSS Prevention Cheat Sheet.

Denial of Service Cheat Sheet.

+DOM Clobbering Prevention Cheat Sheet. +

E

-Error Handling Cheat Sheet. +Error Handling Cheat Sheet.

F

@@ -64,53 +76,79 @@

Forgot Password Cheat Sheet.

+## G + +GraphQL Cheat Sheet. +

H

-HTML5 Security Cheat Sheet. +HTTP Headers Cheat Sheet. + +HTML5 Security Cheat Sheet.

HTTP Strict Transport Security Cheat Sheet.

I

-Injection Prevention Cheat Sheet. +Injection Prevention Cheat Sheet. + +Injection Prevention in Java Cheat Sheet.

-Injection Prevention in Java Cheat Sheet. +Input Validation Cheat Sheet.

-Input Validation Cheat Sheet. +Infrastructure as Code Security Cheat Sheet.

-Insecure Direct Object Reference Prevention Cheat Sheet. +Insecure Direct Object Reference Prevention Cheat Sheet.

J

-JAAS Cheat Sheet. +Java Security Cheat Sheet.

-JSON Web Token for Java Cheat Sheet. +JAAS Cheat Sheet. + +JSON Web Token for Java Cheat Sheet.

K

Key Management Cheat Sheet.

+Kubernetes Security Cheat Sheet. +

L

Logging Cheat Sheet.

+Laravel Cheat Sheet. + LDAP Injection Prevention Cheat Sheet.

+Logging Vocabulary Cheat Sheet. +

M

+Microservices Security Cheat Sheet. + +Mobile Application Security Cheat Sheet. + Multifactor Authentication Cheat Sheet.

-Mass Assignment Cheat Sheet. +Mass Assignment Cheat Sheet.

Microservices based Security Arch Doc Cheat Sheet.

N

-NodeJS Security Cheat Sheet. +NodeJS Docker Cheat Sheet. + +NPM Security Cheat Sheet. + +Nodejs Security Cheat Sheet. + +Network Segmentation Cheat Sheet.

O

-OS Command Injection Defense Cheat Sheet. +OS Command Injection Defense Cheat Sheet.

P

@@ -120,9 +158,11 @@

Pinning Cheat Sheet.

+Prototype Pollution Prevention Cheat Sheet. +

Q

-Query Parameterization Cheat Sheet. +Query Parameterization Cheat Sheet.

R

@@ -130,29 +170,37 @@

REST Assessment Cheat Sheet.

-Ruby on Rails Cheat Sheet. +Ruby on Rails Cheat Sheet.

S

+Secure Product Design Cheat Sheet. + +Secure Cloud Architecture Cheat Sheet. + Securing Cascading Style Sheets Cheat Sheet.

-SQL Injection Prevention Cheat Sheet. +SQL Injection Prevention Cheat Sheet.

-Server Side Request Forgery Prevention Cheat Sheet. +Server Side Request Forgery Prevention Cheat Sheet.

SAML Security Cheat Sheet.

Session Management Cheat Sheet.

+Secrets Management Cheat Sheet. + +Symfony Cheat Sheet. +

T

Transaction Authorization Cheat Sheet.

TLS Cipher String Cheat Sheet.

-Transport Layer Protection Cheat Sheet. +Transport Layer Protection Cheat Sheet.

-Third Party Javascript Management Cheat Sheet. +Third Party Javascript Management Cheat Sheet.

Threat Modeling Cheat Sheet.

@@ -160,15 +208,15 @@

User Privacy Protection Cheat Sheet.

-Unvalidated Redirects and Forwards Cheat Sheet. +Unvalidated Redirects and Forwards Cheat Sheet.

V

-Virtual Patching Cheat Sheet. +Virtual Patching Cheat Sheet.

Vulnerability Disclosure Cheat Sheet.

-Vulnerable Dependency Management Cheat Sheet. +Vulnerable Dependency Management Cheat Sheet.

W

@@ -176,6 +224,10 @@

X

-XML External Entity Prevention Cheat Sheet. +XML External Entity Prevention Cheat Sheet. + +XSS Filter Evasion Cheat Sheet. + +XML Security Cheat Sheet.

-XML Security Cheat Sheet. +XS Leaks Cheat Sheet.

@philCryoport no you do not need to add this changes to PR because this file is generated by the scripts. But thanks for bringing this as we should document that!