diff --git a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md
index df1e9d066..86b282cd3 100644
--- a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md
+++ b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md
@@ -1,3 +1,5 @@
+
+
# What are Application Security Risks?
Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these ways poses a potential risk that needs to be investigated.
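Review bot: The two empty `+` lines added above the `# What are Application Security Risks?` heading look unintentional, since nothing else in this hunk changes. Suggest dropping them so the file still starts with the heading, which keeps the diff limited to the table and wording fixes.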
@@ -9,46 +11,34 @@ Attackers can potentially use many different paths through your application to d
Threat Agents
- Attack \
-Vectors
+ Attack Vectors
Exploitability
- Likelihood of Missing Security
-
-
- Controls
+ Likelihood of Missing Security Controls
- Technical
-
-
- Impacts
+ Technical Impacts
- Business
-
-
- Impacts
+ Business Impacts
- By environment, \
-dynamic by situation picture
+ By environment, dynamic by situation picture
+
- By Application exposure (by environment
+ By Application exposure (by environment)
Avg Weighted Exploit
- Missing Controls \
-by average Incidence rate \
-Weighed by coverage
+ Missing Controls by average incidence rate weighted by coverage
Avg Weighted Impact
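Review bot: The empty `+` line added right after `By environment, dynamic by situation picture` is the one place in this hunk that introduces a blank line, while every other change removes them to join split cells. If these lines sit inside table markup, a stray blank line can change how that cell renders, so consider removing it. Joining the cells, closing the parenthesis in `By Application exposure (by environment)` and changing "Weighed" to "weighted" all look correct.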
@@ -60,7 +50,8 @@ Weighed by coverage
-In our Risk Rating we have taken into account the universal parameters of exploitability, average likelihood of missing security controls for a weakness and its technical impacts.
+In our Risk Rating, we have taken into account the universal parameters of exploitability
+, average likelihood of missing security controls for a weakness and its technical impacts.
Each organization is unique, and so are the threat actors for that organization, their goals, and the impact of any breach. If a public interest organization uses a content management system (CMS) for public information and a health system uses that same exact CMS for sensitive health records, the threat actors and business impacts can be very different for the same software. It is critical to understand the risk to your organization based on the exposure of the application, the applicable threat agents by situation picture (for targeted and undirected attacks by business and location) and the individual business impacts.
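Review bot: The new line break falls before the comma, so the second added line starts with `, average likelihood`. Markdown joins the two lines with a space, and the text will render as "exploitability , average". Suggest keeping the sentence on one line, as the removed version was, and only adding the comma after "Risk Rating": `In our Risk Rating, we have taken into account the universal parameters of exploitability, average likelihood of missing security controls for a weakness and its technical impacts.`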
diff --git a/2025/docs/en/A06_2025-Insecure_Design.md b/2025/docs/en/A06_2025-Insecure_Design.md
index aaf212113..8981e4b06 100644
--- a/2025/docs/en/A06_2025-Insecure_Design.md
+++ b/2025/docs/en/A06_2025-Insecure_Design.md
@@ -89,7 +89,7 @@ Often self-responsibility of developers is underappreciated. Foster a culture of
* Establish and use a secure development lifecycle with AppSec professionals to help evaluate and design security and privacy-related controls
* Establish and use a library of secure design patterns or paved-road components
* Use threat modeling for critical parts of the application such as authentication, access control, business logic, and key flows
-* User threat modeling as an educational tool to generate a security mindset
+* Use threat modeling as an educational tool to generate a security mindset
* Integrate security language and controls into user stories
* Integrate plausibility checks at each tier of your application (from frontend to backend)
* Write unit and integration tests to validate that all critical flows are resistant to the threat model. Compile use-cases *and* misuse-cases for each tier of your application.