Merge pull request #77 from security-alliance/spelling
[WIP] Typo fixes and wordlist update
mattaereal authored Oct 2, 2024
2 parents f1368f4 + 9163e0e commit f5dd098
Showing 19 changed files with 99 additions and 24 deletions.
4 changes: 2 additions & 2 deletions README.md
@@ -44,7 +44,7 @@ To comment on the live version of the book under development, you will need to l
1. Create a pull request. Go to your forked repository on GitHub. You should see a "Compare & pull
request" button. Click on it. Provide a descriptive title and description for your pull request.
2. Click on the "Create pull request" button.
3. Wait for review. Once your pull request is approved, and no more changes are needeed, we will
3. Wait for review. Once your pull request is approved, and no more changes are needed, we will
merge it into the main repository.
4. Congratulations! Your changes are now part of the security frameworks!

@@ -57,4 +57,4 @@ Editors merge PRs and push suggestions to the main branch which will be reflecte

## caveats
- Using the `serve.sh` script instead of mdBook `serve` command is needed to be able to see properly
the local deployment.
the local deployment.
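Review bot: the `## caveats` heading should be capitalised as `## Caveats` to match the other headings in README.md, and the caveat reads more naturally as "Use the `serve.sh` script instead of the mdBook `serve` command, otherwise the local deployment will not render properly." The only change in this hunk is the end-of-file newline (the visible `the local deployment.` line is identical before and after), so this is a cheap spot to fold that wording in.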
4 changes: 2 additions & 2 deletions src/awareness/security-training.md
@@ -7,12 +7,12 @@ All team members should receive some type of security training, however how in-d

## Security Training Session

As an introductionary and overarching training session, this could be done:
As an introductory and overarching training session, this could be done:

### 1. Introduction to Security

- **Importance of Security**: Explain why security is important for your project.
- **Common Threats**: What are the common threats targetting your platform, and what type of attacks are most likely to happen for the team you're doing security training for.
- **Common Threats**: What are the common threats targeting your platform, and what type of attacks are most likely to happen for the team you're doing security training for.

### 2. Password Management

2 changes: 1 addition & 1 deletion src/awareness/social-engineering.md
@@ -2,7 +2,7 @@

tag: [Security Specialist, Operations & Strategy]

Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information. This is one of the easiest and most effective ways to otain access to your project.
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information. This is one of the easiest and most effective ways to obtain access to your project.

## Common Social Engineering Techniques

4 changes: 2 additions & 2 deletions src/awareness/staying-up-to-date.md
@@ -5,7 +5,7 @@ It is often very valuable to have information on the latest security threats and

## 1. Subscribe to Security Newsletters

- **Industry News**: While most security newsletters are focused on web2, they could still be relevant to your project as a large part is actually likelt to run on web2 services. You could subscribe to newsletters from sources such as FIRST.org.
- **Industry News**: While most security newsletters are focused on web2, they could still be relevant to your project as a large part is actually likely to run on web2 services. You could subscribe to newsletters from sources such as FIRST.org.
- **Vendor Updates**: If you have awareness of what software and hardware you're running in your project stack (which you should), you can follow updates from them for information on new vulnerabilities and patches.

## 2. Participate in Security Communities
@@ -15,4 +15,4 @@ It is often very valuable to have information on the latest security threats and

## 3. Follow Security Blogs and Podcasts

- **Social Feeds**: Follow blogs and listen to podcasts such as the Daily Stormcast from FIRST.org or darkness diaries to gain deeper insights into emerging threats and solutions.
- **Social Feeds**: Follow blogs and listen to podcasts such as the Daily Stormcast from FIRST.org or darknet diaries to gain deeper insights into emerging threats and solutions.
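Review bot: `darknet diaries` is a podcast title and should be capitalised as `Darknet Diaries` now that the spelling is fixed. Please also double-check the organisation named as the source of the Daily Stormcast in the same line before merging; it looks like it may be attributed to the wrong publisher.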
2 changes: 1 addition & 1 deletion src/community-management/README.md
@@ -2,7 +2,7 @@
tag: [Community & Marketing]

Historically, there has been quite a few compromised communities where the threat actor then transformed it into a phishing platform with users ending up losing funds as a consequence. In order to protect your users, as well as your own brand, you should ensure that you secure your communities.
Each community platform has its own set of best practises, and below you can find some general approaches to securing your community
Each community platform has its own set of best practices, and below you can find some general approaches to securing your community

- **Strong Passwords and Two-Factor Authentication (2FA):**
- Use unique, complex passwords for each service, managed through a password vault.
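Review bot: the unchanged first context line has a subject-verb mismatch: `there has been quite a few compromised communities` should be `there have been quite a few compromised communities`. The changed line also ends without punctuation before the list (`securing your community`); a colon would read better since the bullets that follow are the approaches it announces.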
2 changes: 1 addition & 1 deletion src/community-management/telegram.md
@@ -1,7 +1,7 @@
# Telegram Security
tag: [Community & Marketing]

Telegram, in its default mode, is actually not providing end-to-end encryption between users. If it's important to have end-to-end encryption, using a messenger suc has [Signal](https://signal.org/) should be used instead. With that said, Telegram is popular in the crypto ecosystem, and as such you can find some best practises below when it comes to securing Telegram.
Telegram, in its default mode, is actually not providing end-to-end encryption between users. If it's important to have end-to-end encryption, using a messenger suc has [Signal](https://signal.org/) should be used instead. With that said, Telegram is popular in the crypto ecosystem, and as such you can find some best practices below when it comes to securing Telegram.

## Standard Security

4 changes: 2 additions & 2 deletions src/community-management/twitter.md
@@ -1,7 +1,7 @@
# Twitter Security
tag: [Community & Marketing]

Having your twitter account compromised can cause a lot of damage not only to you but to the entire ecosystem. Securing your Twitter account is not particularily hard or time consuming, so consider following the best practises below:
Having your twitter account compromised can cause a lot of damage not only to you but to the entire ecosystem. Securing your Twitter account is not particularly hard or time consuming, so consider following the best practices below:

## Remove your phone number

@@ -18,7 +18,7 @@ Two-factor authentication is extremely useful to protect against hackers, but no
2. Make sure “Text message” is disabled
3. Make sure either “Authentication app” or “Security key” is enabled
1. If you choose an authentication app, you can store your TOTP secret in Authy or Google Authenticator (but make sure to disable [sync](https://retool.com/blog/mfa-isnt-mfa))
2. If you choose security keys, you’ll probably want two at minimum in case one of them stop functioning. [Yubico](https://www.yubico.com/) provide multiple hardware keys which have proved the test of timel
2. If you choose security keys, you’ll probably want two at minimum in case one of them stop functioning. [Yubico](https://www.yubico.com/) provide multiple hardware keys which have stood the test of time.
4. Select “Backup codes”, then generate a new backup code to store in a safe place, preferably printed rather than on your computer as compromising one device should not mean the threat actor has access to everything.

## Revoke access from delegated accounts
3 changes: 1 addition & 2 deletions src/contribute/contributors.md
@@ -1,5 +1,5 @@
# Contributors
Contributors that made a substancial amount of contribution will be listed below.
Contributors that made a substantial amount of contribution will be listed below.

## Core team
Matías Aereal Aeón (@mattaereal)
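Review bot: `Contributors that made a substantial amount of contribution will be listed below.` is still clumsy after the spelling fix; suggest `Contributors who have made substantial contributions are listed below.`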
@@ -12,4 +12,3 @@ Jorge de los Santos (@tebayoso)
### Feedback
Patrick Collins (@patrickcollins)
Sebastián Fernández (@snf)

2 changes: 1 addition & 1 deletion src/devsecops/README.md
@@ -8,4 +8,4 @@ When operating in a devsecops mindset, projects prioritizes automation and colla
Some of the key areas to consider are:
1. Integrate security measures early in the development process, such as by utilizing security tools such as fuzzing, static and dynamic analysis tools in your CI/CD process, to identify and mitigate vulnerabilities before they turn into critical issues.
2. Implement automated security testing and monitoring.
3. Dvelopment, Operations and Security teams should be aligned and work closely together.
3. Development, Operations and Security teams should be aligned and work closely together.
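Review bot: the hunk header context line has a number agreement error (`projects prioritizes automation` should be `projects prioritize automation`), and item 1 repeats `such as` (`such as by utilizing security tools such as fuzzing`); suggest `for example by running fuzzing, static and dynamic analysis tools in your CI/CD pipeline`. `devsecops` in the context line should also match the `DevSecOps` spelling added to wordlist.txt in this PR.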
@@ -1,7 +1,7 @@
# Continuous Integration and Continuous Deployment (CI/CD)
tag: [Engineer/Developer, Security Specialist, Devops, SRE]

Continuous Integration and Continuous Deployment are there to ensure good code quality and create rapid and secure deployments. Some best practises are:
Continuous Integration and Continuous Deployment are there to ensure good code quality and create rapid and secure deployments. Some best practices are:

1. Ensure every PR undergoes CI testing (e.g., GitHub Actions) that must pass before merging. CI tests should at least include unit tests, integration tests, and checks for known vulnerabilities in dependencies.
2. The CI/CD pipeline should check for misconfigurations and leaked credentials.
2 changes: 1 addition & 1 deletion src/devsecops/repository-hardening.md
@@ -1,7 +1,7 @@
# Repository Hardening
tag: [Engineer/Developer, Security Specialist, Devops]

If a threat actor obtains access to your repository, it could have very severe consequenses. In order to help avoid this, you could consider implementing the following best practises:
If a threat actor obtains access to your repository, it could have very severe consequences. In order to help avoid this, you could consider implementing the following best practices:


1. Require Multi-Factor Authentication (MFA) for all repository members.
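Review bot: there are two consecutive blank lines between the intro paragraph and the numbered list; collapse them to one. `In order to help avoid this` can be shortened to `To help prevent this`.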
2 changes: 1 addition & 1 deletion src/front-end-web-app/README.md
@@ -1,7 +1,7 @@
# Front-End Web Application Security Best Practices
tag: [Engineer/Developer, Security Specialist, Devops]

Often an overlooked area, but ensuring the security of your front-end web and potential mobile applications is crucial for protecting your users. If the front-end web application is compromised, it could have severe effects on your users as they for example could start interacting with a malicious contract instead of your offical contract.
Often an overlooked area, but ensuring the security of your front-end web and potential mobile applications is crucial for protecting your users. If the front-end web application is compromised, it could have severe effects on your users as they for example could start interacting with a malicious contract instead of your official contract.

## Contents

2 changes: 1 addition & 1 deletion src/front-end-web-app/common-vulnerabilities.md
@@ -4,7 +4,7 @@ tag: [Engineer/Developer, Security Specialist, Devops]
Understanding and mitigating common vulnerabilities is crucial for securing your web and mobile applications. Here are some frequently encountered vulnerabilities:

## General Vulnerabilities
- **Account Takeovers**: Having the administrator accounts for your services (DNS, Cloud, Domain Registrar, Email, Github, etc.) is likely to be devestating to your project, as a threat actor can then make malicious changes. To protect against this, it is recommended to follow best practises with regards to account security and use hardware 2FA solutions to secure the accounts.
- **Account Takeovers**: Having the administrator accounts for your services (DNS, Cloud, Domain Registrar, Email, Github, etc.) is likely to be devastating to your project, as a threat actor can then make malicious changes. To protect against this, it is recommended to follow best practices with regards to account security and use hardware 2FA solutions to secure the accounts.

## Web Application Vulnerabilities

2 changes: 1 addition & 1 deletion src/governance/risk-management.md
@@ -5,7 +5,7 @@ If a project has effective risk management, it is also likely to be successful a

## Best Practices for Risk Management

1. Use established frameworks such as NIST, ISO 27001, or COBIT to helop start your risk management efforts.
1. Use established frameworks such as NIST, ISO 27001, or COBIT to help start your risk management efforts.
2. Focus on the most critical risks first, using a risk matrix to prioritize based on likelihood and impact.
3. Conduct regular risk assessments and reviews to keep up with the so very evolving threat landscape.
4. Use lessons learned from past incidents and risk assessments to continuously improve your risk management practices.
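Review bot: item 3 in the trailing context still has `the so very evolving threat landscape`; it should be `the ever-evolving threat landscape`.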
2 changes: 1 addition & 1 deletion src/infrastructure/operating-system-security.md
@@ -1,7 +1,7 @@
# Operating System Security
tag: [Engineer/Developer, Security Specialist, Operations & Strategy, Devops, SRE]

This document outlines some general best practises one should follow with regards to operating system security, however if you're interested in a much more comprehensive guide you could look at [NIST 800-123](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf).
This document outlines some general best practices one should follow with regards to operating system security, however if you're interested in a much more comprehensive guide you could look at [NIST 800-123](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf).

## Best Practices

2 changes: 1 addition & 1 deletion src/intro/what-is-it.md
@@ -4,4 +4,4 @@ This resource is a collection of best practices written in an abstract or genera

This guide aims to centralize existing information, so you might not see novel features but rather a well-organized compilation of security-related topics, from simpler ones to more complex ones. The goal is to provide a comprehensive resource that brings together diverse security insights and practices into one accessible place.

Our hope is that these resources will help expand your security skillset.
Our hope is that these resources will help expand your security skill set.
2 changes: 1 addition & 1 deletion src/user-team-security/phishing-social-engineering.md
@@ -27,6 +27,6 @@ In the dynamic and often nebulous realm of web3 and cryptocurrencies, understand

## Check & Remove Token Approvals

There are services available that let you check which smart contracts have approvals to handle funds in your wallet. By regularly checking this and revoking unecessary approvals you can improve your security posture.
There are services available that let you check which smart contracts have approvals to handle funds in your wallet. By regularly checking this and revoking unnecessary approvals you can improve your security posture.
[Unrekt](https://app.unrekt.net/)
[Etherscan Token Approval Checker](https://etherscan.io/tokenapprovalchecker)
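Review bot: the two bare links after the paragraph (`[Unrekt](https://app.unrekt.net/)` and `[Etherscan Token Approval Checker](https://etherscan.io/tokenapprovalchecker)`) sit on consecutive lines with no list markers and no blank line before them, so Markdown will render them run together on the same line as the paragraph. Turn them into a bulleted list (`- [Unrekt](https://app.unrekt.net/)`, `- [Etherscan Token Approval Checker](https://etherscan.io/tokenapprovalchecker)`) separated from the paragraph by a blank line.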
4 changes: 2 additions & 2 deletions src/user-team-security/security-training.md
@@ -8,7 +8,7 @@ Regular security training helps keep security top-of-mind and reinforces the imp
1. **Regular Training Sessions**
- Conduct regular security training sessions to keep team members informed about the latest threats and best practices.
- Schedule training sessions at least quarterly or bi-annually.
- Don't make the trainign sessions too long, it's better to make them more frequent compared to a three hour session each year.
- Don't make the training sessions too long, it's better to make them more frequent compared to a three hour session each year.

2. **Interactive Training**
- Use interactive training methods, such as SEAL Wargames or workshops to engage team members and enhance learning.
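Review bot: in the changed line, `a three hour session` should hyphenate the compound adjective (`a three-hour session`), and the comma in `too long, it's better` joins two independent clauses; a semicolon or full stop is cleaner. In the context line above, `bi-annually` is ambiguous (twice a year or every two years); given the preceding `at least quarterly`, `twice a year` states the intent unambiguously.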
@@ -41,4 +41,4 @@ Regular security training helps keep security top-of-mind and reinforces the imp
- Instruct team members on how to report security incidents and suspicious activities promptly.

5. **Secure Coding Practices**
- For developers, provide training on secure coding practices and common vulnerabilities.
- For developers, provide training on secure coding practices and common vulnerabilities.
76 changes: 76 additions & 0 deletions wordlist.txt
@@ -1,3 +1,79 @@
personal_ws-1.1 en 10000 utf-8
Acunetix
Aeón
Aereal
AFL
anonymization
backdoors
blockchain
Captcha
Checkmarx
codebase
Crypto
cryptocurrencies
cryptocurrency
cryptographic
Cybersecurity
dapp
DAST
DeFi
Devops
DevSecOps
DNS
DNSSEC
Dyno
EOA
EOAs
Ethereum
Etherscan
executables
Fernández
Fredrik
Fuzzer
Fuzzers
Gapped
GCP
GDPR
GPG
HIPAA
Integrations
lifecycle
LLVM
Matías
Mehdi
multisig
Multisignature
Mythril
Nano
OWASP
passcodes
pseudonymization
RBAC
reentrancy
SAST
scalable
Sebastián
sexualized
Shamir
SIEM
socio
Solhint
Solidity
SonarQube
SRE
Svantes
TLS
Trezor
underflows
Unrekt
Veracode
VPC
VPN
WAF
whitepapers
WHOIS
xkcd
XSS
Yubico
Yubikey
Zerouali
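Review bot: two entries lock in spellings that disagree with the rest of the list or with the vendor: `Devops` (the tag spelling used across the docs) sits next to CamelCase `DevSecOps`, and `Yubikey` is written `YubiKey` by Yubico, while the twitter.md hunk above spells it `Yubico` only; pick one convention per term before adding it to the dictionary, since anything listed here will no longer be flagged. The header `personal_ws-1.1 en 10000 utf-8` marks this as an aspell personal dictionary, so a one-line pointer in the contribution section of README.md (which this PR already touches) telling contributors to add new project terms here would help keep future spelling runs clean.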
