Commit

fixed minor spelling mistakes, unified wording
Timur Linden authored and nbaars committed Mar 26, 2019
1 parent 875f048 commit 53c16c8
Showing 51 changed files with 177 additions and 177 deletions.
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
== Try It! Using the Console
== Try It! Using the console

Let's try it. Use the console in the dev tools and call the javascript function *webgoat.customjs.phoneHome()*. +
Let us try it. Use the console in the dev tools and call the javascript function *webgoat.customjs.phoneHome()*. +
You should get a response in the console. Your result should look something like:
`phone home said
{"lessonCompleted:true, ... ,"output":"phone home response is..."`
Paste the random number, after that, in the text field below.
(Make sure you got the most recent number, since it's randomly generated each time you call the function)
(Make sure you got the most recent number, since it is randomly generated each time you call the function)
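Review bot: the sample console output two lines above the edit has a stray quote: `{"lessonCompleted:true, ...` should read `{"lessonCompleted":true, ...` so the fragment is valid JSON, and since this file is already being touched the fix belongs in the same pass. Replacing "Let's try it." with "Let us try it." also reads stiffer than the original; expanding contractions is a defensible house style, but "Let us" is the one case where the contracted form is the natural one. The instruction "Paste the random number, after that, in the text field below." would read better as "After that, paste the random number into the text field below."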
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
== Try It! Working with the Network Tab
== Try It! Working with the Network tab

In this Assignment you need to find a specific HTTP request and read a randomized number from it.
To start click the first button, this wil generate an HTTP Request. Try to find the specific HTTP request.
In this assignment you need to find a specific HTTP request and read a randomized number from it.
To start click the first button, this wil generate an HTTP request. Try to find the specific HTTP request.
The request should contain a field: `magic_num:`
Copy the number which is displayed afterwards, into the input field below and click on the check button.
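Review bot: the typo `wil` in "this wil generate an HTTP request" survives in the changed line; since that line is already being edited for capitalization, correct it to `will` here. The same sentence is a comma splice; suggest "To start, click the first button; this will generate an HTTP request."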
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
== The Console tab

In the console tab you can see anything, which a loaded JavaScript file may have printed out to it.
Don't worry if you see something in red. While that is an error, it has probably resolved itself.
Through the console tab, it is also possible for you to run your own line of javascript code.
Do not worry if you see something in red. While that is an error, it has probably resolved itself.
Through the console tab, it is also possible for you to run your own line of JavaScript code.

Start by clearing console using the shortcut `CTRL+L`.

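Review bot: the first sentence of this hunk keeps a spurious comma in "you can see anything, which a loaded JavaScript file may have printed out to it" (restrictive clause: "anything that a loaded JavaScript file ..."), and the trailing context line "Start by clearing console" is missing "the". "While that is an error, it has probably resolved itself" is too vague for a lesson about reading the console; it would help to say that red entries are errors logged by the page and that they do not block the exercise, rather than that they resolve themselves.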
@@ -12,6 +12,6 @@ The console also allows you to do some basic arithmetic. If you type for example
enter the console should display 4.

Note: You may see an `undefined` in the console. You can safely ignore this statement,
it only means, that the JavaScript function you have called did not return anything, therefor `undefined`.
it only means, that the JavaScript function you have called did not return anything, therefore `undefined`.

image::images/ChromeDev_Console_Ex.jpg[DeveloperToolsConsoleExample,500,500,style="lesson-image"]
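Review bot: `therefor` to `therefore` is right, but the same sentence keeps its comma splice: "it only means, that the JavaScript function you have called did not return anything, therefore `undefined`" should read "it only means that the JavaScript function you called did not return anything, hence `undefined`." One line up, "You can safely ignore this statement" should say "this value", since `undefined` is the return value printed by the console, not a statement.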
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
== The Elements Tab

The elements tab allows you to look at the HTML and CSS code, that are used to define and style the Website.
The elements tab allows you to look at the HTML and CSS code, that are used to define and style the website.

=== HTML Source
=== HTML source

If you hover over one line you can see that a part of the website turns blue. That means that
this particular HTML line defines this section of the Website.
this particular HTML line defines this section of the website.
The elements tab allows you to make changes to every single HTML element. For example if you click inside
a Paragraph (<p>...</p>) Tag you can edit the content of the website. If you have made your changes and then click enter
a paragraph (<p>...</p>) Tag you can edit the content of the website. If you have made your changes and then click enter
Chrome will actually update the website to show your edits. You can also change the HTML Tag used,
the classes and id's a tag has and much more.

image::images/ChromeDev_Elements.jpg[DeveloperToolsElements,500,350,style="lesson-image"]

=== CSS Source
=== CSS source

Underneath the HTML source, you can find information about the CSS which is used to style the
Website. Like the HTML, you can also edit the CSS and therefore adjust the styling of the website.
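Review bot: the casing change is applied inconsistently inside this hunk: "a paragraph (<p>...</p>) Tag" lowercases "paragraph" but leaves "Tag" capitalized, and "the HTML Tag used" two lines further down is untouched. In the same paragraph "id's" should be "ids" (a plural, not a possessive), "the HTML and CSS code, that are used" should lose the comma, and "click enter" is normally "press Enter".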
Original file line number Diff line number Diff line change
@@ -1 +1 @@
cia.title=CIA Triad
cia.title=CIA triad
Original file line number Diff line number Diff line change
@@ -10,7 +10,7 @@ ClientSideFilteringStage1Complete=Stage 1 completed.
ClientSideFilteringStage1Question=What is Neville Bartholomew's salary?
ClientSideFilteringStage1SubmitAnswer=Submit Answer
ClientSideFilteringStage2Finish=Click here when you believe you have completed the lesson.
ClientSideFilteringChoose=Choose Employee
ClientSideFilteringChoose=Choose employee
ClientSideFilteringHint1=The information displayed when an employee is chosen from the drop down menu is stored on the client side.
ClientSideFilteringHint2=Use Firebug to find where the information is stored on the client side.
ClientSideFilteringHint3=Examine the hidden table to see if there is anyone listed who is not in the drop down menu.
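Review bot: `ClientSideFilteringChoose` is lowercased to "Choose employee", but `ClientSideFilteringStage1SubmitAnswer=Submit Answer` two lines above keeps title case; for unified wording the button labels of one lesson should follow one convention. In the hints, "drop down menu" should be "drop-down menu", and `ClientSideFilteringHint2` still points the user at Firebug while the other lessons in this commit refer to the browser's developer tools; worth unifying that reference too.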
@@ -27,6 +27,6 @@ ClientSideFilteringInstructions1=STAGE 1: You are logged in as Moe Stooge, CSO o
ClientSideFilteringInstructions2=STAGE 2: Now, fix the problem. Modify the server to only return results that Moe Stooge is allowed to see.
ClientSideFiltering.incorrect=This is not the salary from Neville Bartholomew...

client.side.filtering.free.hint1=Look through the webpage inspect the sources etc
client.side.filtering.free.hint1=Look through the web page inspect the sources etc
client.side.filtering.free.hint2=Try to see the flow of request from the page to the backend
client.side.fiterling.free.hint3=One of the responses contains the answer
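Review bot: the key on the last context line, `client.side.fiterling.free.hint3`, carries a spelling mistake in the key itself (`fiterling` for `filtering`). Renaming it is only safe if every lookup of that key in the lesson template or Java code is renamed with it, otherwise the message no longer resolves; either fix it together with its references or leave it and say so. The edited hint also still lacks punctuation: "Look through the web page inspect the sources etc" wants a comma after "web page" and a full stop.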
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
== Salary manager

You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information,
except the CEO, Neville Bartholomew. Or at least you shouldn't have access to the CEO's information. For this assignment,
except the CEO, Neville Bartholomew. Or at least you should not have access to the CEO's information. For this assignment,
examine the contents of the page to see what extra information you can find.
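Review bot: the expansion to "should not have access" is fine, but the awkward phrase in this paragraph is the untouched "You have access to everyone in the company's information", where the possessive attaches to "company" instead of "everyone"; suggest "You have access to the information of everyone in the company except the CEO, Neville Bartholomew." while the file is being edited.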
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
== Client Side Filtering
== Client side filtering

It is always a good practice to send to the client only information which they are supposed
to have access to. In this lesson, too much information is being sent to the client, creating
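Review bot: the new heading "Client side filtering" conflicts with the hyphenation adopted elsewhere in this same commit ("Cross-Site Scripting" in the XSS lesson text); used attributively the compound is normally hyphenated, so "Client-side filtering" would match. The first sentence also mixes singular "client" with plural "they" ("send to the client only information which they are supposed to have access to"); "information the client is supposed to have access to" resolves it.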
Original file line number Diff line number Diff line change
@@ -2,38 +2,38 @@
xss.title=Cross Site Scripting
xss-stored.title=Cross Site Scripting (stored)
xss-mitigation.title=Cross Site Scripting (mitigation)
xss-reflected-5a-success-alert=Well done, but alerts aren't very impressive are they? Please continue.
xss-reflected-5a-success-console=Well done, but console logs aren't very impressive are they? Please continue.
xss-reflected-5a-success-alert=Well done, but alerts are not very impressive are they? Please continue.
xss-reflected-5a-success-console=Well done, but console logs are not very impressive are they? Please continue.
xss-reflected-5a-failed-wrong-field=Seems like you tried to compromise our shop with an reflected XSS attack.<br/> We do our... "best"... to prevent such attacks. Try again!
xss-reflected-5a-failure=Try again. We do want to see this specific javascript (in case you are trying to do something more fancy).
xss-reflected-5a-failure=Try again. We do want to see this specific JavaScript (in case you are trying to do something more fancy).
xss-reflected-5a-hint-1=Think about how the inputs are presumably processed by the application.
xss-reflected-5a-hint-2=Quantity inputs are probably processed as integer values. Not the best option for inputting text right?
xss-reflected-5a-hint-3=What information send to the application gets reflected back after being submitted?
xss-reflected-5a-hint-4=Just try purchasing something. You want your script to be included in the purchase-confirmation.
xss-reflected-5b-success=Correct ... because <ul><li>The script was not triggered by the URL/QueryString</li><li>Even if you use the attack URL in a new tab, it won't execute (becuase of response type). Try it if you like.</li></ul>
xss-reflected-5b-success=Correct ... because <ul><li>The script was not triggered by the URL/QueryString</li><li>Even if you use the attack URL in a new tab, it will not execute (because of response type). Try it if you like.</li></ul>
xss-reflected-6a-success=Correct! Now, see if you can send in an exploit to that route in the next assignment.
xss-reflected-6a-failure=Sorry that's not correct. Look at the example again to understand what a valid route looks like. If you're stuck... hints might help.
xss-reflected-6a-failure=Sorry that is not correct. Look at the example again to understand what a valid route looks like. If you're stuck... hints might help.
xss-reflected-6a-hint-1=To search through the client side code, use the developer tools of your browser. (If you don't know how to use them, check the <i>Developer Tools</i> Lesson in the general category.)
xss-reflected-6a-hint-2=Since you are looking for application code, check the WebGoat/js/goatApp folder for a file that could handle the routes.
xss-reflected-6a-hint-3=Make sure you add the base route at the start, when submitting your solution.
xss-reflected-6a-hint-4=Still didn't find it? Check the <a href="/WebGoat/js/goatApp/view/GoatRouter.js" target="_blank">GoatRouter.js</a> file. It should be pretty easy to determine.
xss-reflected-6a-hint-4=Still did not find it? Check the <a href="/WebGoat/js/goatApp/view/GoatRouter.js" target="_blank">GoatRouter.js</a> file. It should be pretty easy to determine.
xss.lesson1.failure=Are you sure? Try using a tab from a different site.
xss-dom-message-success=Correct, I hope you didn't cheat, using the console!
xss-dom-message-success=Correct, I hope you did not cheat, using the console!
xss-dom-message-failure=Incorrect, keep trying. It should be obvious in the log when you are successful.
xss-dom-message-hint-1=Open a new tab and navigate to the test-route you just figured out in the previous lesson.
xss-dom-message-hint-2=Your url should look something like that http://localhost:8080/WebGoat/start.mvc#REPLACE-WITH-THE-TEST-ROUTE/some_parameters
xss-dom-message-hint-3=Note how the parameters you send to the test-route get reflected back to the page. Now add your javascript to it.
xss-dom-message-hint-4=You have to use script tags, so your javascript code gets executed when being rendered into the DOM.
xss-dom-message-hint-5=Since you're working with an URL, you might have to URL-encode your parameters.
xss-dom-message-hint-3=Note how the parameters you send to the test-route get reflected back to the page. Now add your JavaScript to it.
xss-dom-message-hint-4=You have to use script tags, so your JavaScript code gets executed when being rendered into the DOM.
xss-dom-message-hint-5=Since you are working with an URL, you might have to URL-encode your parameters.
xss-dom-message-hint-6=Replace '/' with '%2F' in your URL parameters.
xss-stored-comment-success=It appears your payload should invoke the function. To tell for sure, you need to capture the value and put it in the form below. Then we will really know.
xss-stored-comment-failure=We can't see the payload in your submission, but XSS can be tricky. Look for the call back fired after the comments reload. If you see that and can put the correct value there and put it in, maybe you did succeed.
xss-stored-comment-failure=We cannot see the payload in your submission, but XSS can be tricky. Look for the call back fired after the comments reload. If you see that and can put the correct value there and put it in, maybe you did succeed.
xss-stored-callback-success=Yes, that is the correct value (note, it will be a different value each time the phoneHome endpoint is called).
xss-stored-callback-failure=No, that is not the correct value (note, it will be a different value each time the phoneHome endpoint is called).
xss-mitigation-3-hint1=You don't store the user input in this example. Try to encode the user's input right before you place it into the HTML document.
xss-mitigation-3-hint1=You do not store the user input in this example. Try to encode the user's input right before you place it into the HTML document.
xss-mitigation-3-hint2=Make use of JavaServer Pages Standard Tag Library (JSTL) and JSP Expression Language.
xss-mitigation-3-hint3=Take a look at OWASP Java Encoder Project.
xss-mitigation-3-hint4=Don't forget to reference the taglibs and choose "e" as prefix.
xss-mitigation-3-hint4=Do not forget to reference the tag libs and choose "e" as prefix.
xss-mitigation-3-success=You have completed this lesson. Congratulations!
xss-mitigation-3-failure=This in not the correct answer. Try again!
xss-mitigation-3-no-code=You didn't change anything.
xss-mitigation-3-no-code=You did not change anything.
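Review bot: several wording errors in changed or adjacent lines are not picked up, which undercuts the stated purpose of the commit: `xss-reflected-5a-failed-wrong-field` has "an reflected XSS attack" (should be "a reflected"), `xss-reflected-5a-hint-3` has "What information send to the application" (should be "sent"), `xss-dom-message-hint-5` now reads "an URL" (should be "a URL"), and `xss-reflected-6a-failure` expands "that's" but leaves "If you're stuck" in the same message. The lesson titles (`xss.title=Cross Site Scripting` and the two below it) stay unhyphenated while the asciidoc text is changed to "Cross-Site Scripting" in this same commit, and "call back" in `xss-stored-comment-failure` should be "callback".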
Original file line number Diff line number Diff line change
@@ -2,42 +2,42 @@
"questions": [{
"text": "Are trusted websites immune to XSS attacks?",
"solutions": {
"1": "Yes, they're safe because the browser checks the code before executing.",
"2": "Yes, because Google has got an algorithm that blocks malicious code.",
"3": "No, because the script that's executed will break through the browser's defense algorithm.",
"4": "No, because the browser trusts the website if it's acknowledged trusted, then the browser doesn't know that the script is malicious."
"1": "Yes they are safe because the browser checks the code before executing.",
"2": "Yes because Google has got an algorithm that blocks malicious code.",
"3": "No because the script that is executed will break through the defense algorithm of the browser.",
"4": "No because the browser trusts the website if it is acknowledged trusted, then the browser does not know that the script is malicious."
}
}, {
"text": "When do XSS attacks occur?",
"solutions": {
"1": "Data enters a web application through a trusted source.",
"2": "Data enters a browser application through the website.",
"3": "The data is included in dynamic content that is sent to a web user without being validated for malicious content.",
"4": "The data is excluded in static content, that way it is sent without being validated."
"4": "The data is excluded in static content that way it is sent without being validated."
}
}, {
"text": "What are Stored XSS attacks?",
"solutions": {
"1": "The script is permanently stored on the server and the victim gets the malicious script when requesting information from the server.",
"2": "The script stores itself on the victim's computer and executes locally the malicious code.",
"3": "The script stores a virus on the victim's computer. The attacker can perform various actions now.",
"2": "The script stores itself on the computer of the victim and executes locally the malicious code.",
"3": "The script stores a virus on the computer of the victim. The attacker can perform various actions now.",
"4": "The script is stored in the browser and sends information to the attacker."
}
}, {
"text": "What are Reflected XSS attacks?",
"solutions": {
"1": "Reflected attacks reflect malicious code from the database to the web server and then reflect it back to the user.",
"2": "They reflect the injected script off the web server. That occurs when input sent to the web server is part of the request.",
"3": "Reflected attacks reflect from the server's firewall off to the database where the user requests information from.",
"3": "Reflected attacks reflect from the firewall off to the database where the user requests information from.",
"4": "Reflected XSS is an attack where the injected script is reflected off the database and web server to the user."
}
}, {
"text": "Is Javascript the only way to perform XSS attacks?",
"text": "Is JavaScript the only way to perform XSS attacks?",
"solutions": {
"1": "Yes, you can only make use of tags through Javascript.",
"2": "Yes, otherwise you can't steal cookies.",
"3": "No, there's ECMAScript too.",
"4": "No, there're many other ways. Like HTML, Flash or any other type of code that the browser executes."
"1": "Yes you can only make use of tags through JavaScript.",
"2": "Yes otherwise you cannot steal cookies.",
"3": "No there is ECMAScript too.",
"4": "No there are many other ways. Like HTML, Flash or any other type of code that the browser executes."
}
}]
}
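Review bot: dropping the comma after the leading "Yes"/"No" in the answers to the first and last question ("Yes they are safe because ...", "No there is ECMAScript too.") makes them less grammatical, not more; an introductory yes or no takes a comma, so keep "Yes, they are safe ..." and expand only the contraction. In the second question, answer 4 loses its comma and becomes a run-on ("The data is excluded in static content that way it is sent without being validated"); a semicolon or full stop before "that way" is needed. In the fourth question, answer 3 drops "the server's" from "the server's firewall", which changes the content of the distractor rather than its spelling; a wording-only commit should leave that as it is or call out the change.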
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@ you will know learn how you can defend against it.

* The user will understand the best practices for defending against XSS injection attacks
* The user will demonstrate knowledge on:
** XSS Mitigation
** XSS mitigation



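Review bot: the context line shown in this hunk header, "you will know learn how you can defend against it", contains a doubled verb ("know learn") that a spelling pass should catch; it most likely should read "you will now learn how you can defend against it". Fix it in the same file while it is being edited.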
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
== Concept

After taking a look at Reflected XSS in the previous lesson. We're now gonna take a closer look at another form of Cross Site Scripting Attack: Stored CSS.
After taking a look at Reflected XSS in the previous lesson. We are now gonna take a closer look at another form of Cross-Site Scripting Attack: Stored XSS.

== Goals
* The user will learn what Stored XSS is
* The user will demonstrate knowledge on:
** Stored XSS Injection
** Stored XSS injection
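Review bot: "Stored CSS" to "Stored XSS" is the one substantive correction in this hunk and deserves a mention in the commit message, since it fixes a wrong term rather than a spelling. The sentence around it is still broken: "After taking a look at Reflected XSS in the previous lesson." is a fragment, "gonna" is too colloquial for lesson text, and "Attack" is capitalized while the rest of the commit lowercases such words. Suggest "After looking at Reflected XSS in the previous lesson, we now take a closer look at another form of Cross-Site Scripting attack: Stored XSS."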
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
== What is XSS
== What is XSS?

Cross-site script (also commonly known as XSS) is a vulnerability/flaw that combines ...
Cross-Site Scripting (also commonly known as XSS) is a vulnerability/flaw that combines ...
# the allowance of html/script tags as input that are ...
# rendred into a browser without encoding or sanitization
# rendered into a browser without encoding or sanitization

=== Cross site scripting (XSS) is the most prevalent and pernicious web application security issue
=== Cross-Site Scripting (XSS) is the most prevalent and pernicious web application security issue

While there is a simple well-known defense for this attack, there are still many instances of it on the web. In terms of fixing it,
coverage of fixes also tends to be a problem. We'll talk more about the defense in a little bit.
coverage of fixes also tends to be a problem. We will talk more about the defense in a little bit.

=== XSS has a significant impact
=== XSS has significant impact

Especially as 'Rich Internet Applications' are more and more common place, privileged function calls linked to via javascript may be compromised.
Especially as 'Rich Internet Applications' are more and more common place, privileged function calls linked to via JavaScript may be compromised.
And if not properly protected, sensitive data (such as your authentication cookies) can be stolen and used for someone else's purpose.


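Review bot: the heading change "XSS has a significant impact" to "XSS has significant impact" removes a correct article and reads worse; the original heading should stay. In the same hunk, "common place" should be "commonplace", "privileged function calls linked to via JavaScript" is awkward (suggest "privileged functions reachable through JavaScript"), and the list item "the allowance of html/script tags as input" should use "HTML" for consistency with the JavaScript casing fix applied a few lines below.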
@@ -31,4 +31,4 @@ javascript:alert(document.cookie);
== Try It! Using Chrome or Firefox

* Open a second tab and use the same url as this page you are currently on (or any url within this instance of WebGoat)
* Then, in the address bar on each tab, type `javascript:alert(document.cookie);` *NOTE:* If you /cut/paste you'll need to add the `javascript:` back in.
* Then, in the address bar on each tab, type `javascript:alert(document.cookie);` *NOTE:* If you /cut/paste you will need to add the `javascript:` back in.
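Review bot: "If you /cut/paste" on the edited line has a stray leading slash ("If you cut/paste"); since the instruction says to type the line, "If you paste it instead" is the clearer phrasing, and the note is the useful part, as the address bar drops the `javascript:` scheme from pasted text.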
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
== Most Common Locations
== Most common locations

* Search fields that echo a search string back to the user
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
== Why Should We Care
== Why should we care?

=== XSS attacks may result in
* Stealing session cookies
@@ -15,5 +15,5 @@
“>GoodYear recommends buying BridgeStone tires…
----

=== XSS attacks add validity to Phishing attacks
=== XSS attacks add validity to phishing attacks
* A valid domain is used in the URL
Original file line number Diff line number Diff line change
@@ -11,7 +11,7 @@
* Similar to reflected XSS
* Runs with browser privileges inherited from user in browser

=== Stored or Persistent
=== Stored or persistent
* Malicious content is stored on the server ( in a database, file system, or other object ) and later displayed to users in a web browser
* Social engineering is not required

Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
== Reflected XSS Scenario
== Reflected XSS scenario

* Attacker sends a malicious URL to victim
* Victim clicks on the link that loads malicious web page

0 comments on commit 53c16c8
