Merge pull request shieldfy#12 from darshan-/master
Fixed spelling (sensetive -> sensitive)
netcode authored Jul 9, 2017
2 parents ccbf6c2 + 53ea697 commit ed503aa
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -30,7 +30,7 @@ Checklist of the most important security countermeasures when designing, testing
- [ ] Validate `content-type` on request Accept header ( Content Negotiation ) to allow only your supported format (e.g. `application/xml` , `application/json` ... etc) and respond with `406 Not Acceptable` response if not matched.
- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded` , `multipart/form-data ,application/json` ... etc ).
- [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection` , `Remote Code Execution` ... etc).
- [ ] Don't use any sensetive data ( `credentials` , `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header.
- [ ] Don't use any sensitive data ( `credentials` , `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header.

## PROCESSING
- [ ] Check if all endpoint protected behind the authentication to avoid broken authentication.
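Review bot: The spelling fix on the "Don't use any sensitive data" line is correct, but since the line is being rewritten anyway it is worth also fixing its spacing and capitalization, which are inconsistent with the surrounding items: the stray spaces inside the parentheses and before the comma, the capitalized `Passwords` next to lowercase `credentials`, and the missing article in "use standard Authorization header". Suggested wording: "- [ ] Don't use any sensitive data (`credentials`, `passwords`, `security tokens`, or `API keys`) in the URL; use the standard `Authorization` header instead."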
Expand All @@ -47,7 +47,7 @@ Checklist of the most important security countermeasures when designing, testing
- [ ] Send `X-Frame-Options: deny` header.
- [ ] Send `Content-Security-Policy: default-src 'none'` header.
- [ ] Force `content-type` for your response , if you return `application/json` then your response `content-type` is `application/json`.
- [ ] Don't return sensetive data like `credentials` , `Passwords`, `security tokens`.
- [ ] Don't return sensitive data like `credentials` , `Passwords`, `security tokens`.
- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK` , `400 Bad Request` , `401 Unauthorized`, `405 Method Not Allowed` ... etc).
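Review bot: The corrected "Don't return sensitive data" line still has the same spacing and capitalization issues as the item in the first hunk (`credentials` , `Passwords`), and its list of examples omits `API keys`, which the earlier item includes; aligning the two would make the checklist read consistently. Suggested wording: "- [ ] Don't return sensitive data like `credentials`, `passwords`, `security tokens`, or `API keys`."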

