Expand Up @@ -8,7 +8,7 @@ Default credentials in the IVI system can result in reputational damage and indi

1. Port scan the IVI unit by leveraging {{application}} and {{hardware}}
1. Bruteforce default credentials on exposed service(s)
1. Login to service(s) and run {{action}}
1. Log in to service(s) and run {{action}}
1. Observe that {{action}} occurs as a result

**Proof of Concept (PoC)**
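Review bot: step 2 "Bruteforce default credentials on exposed service(s)" has the same kind of style problem this hunk is fixing in step 3 ("Login" to "Log in"); make it "Brute-force" so the list is consistent in one pass. Steps 3 and 4 also both use `{{action}}` for two different things (the command run in step 3, the effect observed in step 4); a second placeholder such as `{{result}}` in "Observe that {{action}} occurs as a result" would prompt the author for both values instead of one.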
Expand Up @@ -9,7 +9,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Login to an account that should not be able to perform {{action}}
1. Log in to an account that should not be able to perform {{action}}
1. Forward the following request to the endpoint:

```HTTP
Expand All @@ -20,6 +20,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t

**Proof of Concept (PoC)**

The screenshot below demonstrates the broken access control:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
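Review bot: the new PoC line "The screenshot(s) below demonstrate(s) the vulnerability:" drops the specific wording of the removed line, "demonstrates the broken access control", so the report reader no longer learns what the screenshot has to show; keep the vulnerability-specific phrase with the plural fix ("The screenshot(s) below demonstrate the broken access control:") rather than the generic one. The lone `>` line before `> {{screenshot}}` also renders as an empty first line inside the blockquote; either drop it or use `> {{screenshot}}` on its own.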
Expand Up @@ -10,7 +10,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Login to an account that should not be able to perform {{action}}
1. Log in to an account that should not be able to perform {{action}}
1. Forward the following request to the endpoint:

```HTTP
Expand All @@ -21,6 +21,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t

**Proof of Concept (PoC)**

The screenshot below demonstrates the broken access control:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
Expand Up @@ -7,7 +7,7 @@ IDOR can lead to reputational damage for the business through the impact to cust
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login to User Account A
1. Log in to User Account A
1. In the URL bar, modify the parameter to a different value:

{{eg.<https://example.com/parameter(UserAccountB)>}}
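Review bot: the example line `{{eg.<https://example.com/parameter(UserAccountB)>}}` under step 3 packs an "e.g." abbreviation, an angle-bracket autolink and a template token into one placeholder, so it is unclear which part the author is meant to substitute; split it into prose plus placeholders, e.g. "For example: `https://example.com/{{parameter}}={{UserAccountB}}`". It is also not indented under the list item, so in CommonMark it ends the numbered list and any step that follows it renders as a new list starting at 1; indent the example by four spaces to keep it inside step 3. The same fix applies to the other IDOR description files in this PR that carry this line.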
Expand Up @@ -7,7 +7,7 @@ IDOR can lead to reputational damage for the business through the impact to cust
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login to User Account A
1. Log in to User Account A
1. In the URL bar, modify the parameter to a different value:

{{eg.<https://example.com/parameter(UserAccountB)>}}
Expand Up @@ -7,7 +7,7 @@ IDOR can lead to reputational damage for the business through the impact to cust
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login to User Account A
1. Log in to User Account A
1. In the URL bar, modify the parameter to a different value:

{{eg.<https://example.com/parameter(UserAccountB)>}}
Expand Up @@ -7,7 +7,7 @@ IDOR can lead to indirect financial loss through an attacker accessing, deleting
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login to User Account A
1. Log in to User Account A
1. In the URL bar, modify the parameter to a different value:

{{eg.<https://example.com/parameter(UserAccountB)>}}
Expand Up @@ -7,7 +7,7 @@ IDOR can result in reputational damage for the business through the impact to cu
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login to User Account A
1. Log in to User Account A
1. In the URL bar, modify the parameter to a different value:

{{eg.<https://example.com/parameter(UserAccountB)>}}
Expand Up @@ -7,7 +7,7 @@ IDOR can lead to reputational damage for the business through the impact to cust
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login to User Account A
1. Log in to User Account A
1. In the URL bar, modify the parameter to a different value:

{{eg.<https://example.com/parameter(UserAccountB)>}}
Expand Up @@ -8,7 +8,7 @@ The impact of this vulnerability can vary in severity depending on the degree of

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Login to User Account A
1. Log in to User Account A
1. Using the HTTP interception proxy, forward the following request to the endpoint:

```HTTP
8 changes: 4 additions & 4 deletions submissions/description/broken_access_control/template.md
Expand Up @@ -8,7 +8,7 @@ Broken access controls can lead to financial loss through an attacker accessing,

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Login to an account that should not be able to perform {{action}}
1. Log in to an account that should not be able to perform {{action}}
1. Forward the following request to the endpoint:

```HTTP
Expand All @@ -19,6 +19,6 @@ Broken access controls can lead to financial loss through an attacker accessing,

**Proof of Concept (PoC)**

The screenshot below demonstrates the broken access control:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
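Review bot: this is `submissions/description/broken_access_control/template.md`, which the other broken_access_control descriptions are derived from, so step 1 "Enable a HTTP interception proxy" should be corrected to "an HTTP interception proxy" here alongside the "Log in" fix; otherwise the next description generated from the template reintroduces the inconsistency. The "(s)" plurals in "The screenshot(s) below demonstrate(s) the vulnerability:" also read awkwardly in a finished report; "The screenshot(s) below demonstrate the broken access control:" avoids "demonstrate(s)" and keeps the specific wording of the removed line.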
Expand Up @@ -8,14 +8,12 @@ Authentication bypass can lead to data loss or theft through an attacker's acces

**Steps to Reproduce**

1. Navigate to: {{URL}} and login as a regular user
1. Navigate to: {{URL}} and log in as a regular user
1. In the URL, change the `/user` to `/user/administrator`
1. Observe that the application now allows the user to view other user's profile details. These actions are usually restricted to an authenticated user

**Proof of Concept (PoC)**

The following image(s) show the full exploit:

{{screenshot}}

An attacker can bypass authentication or break session management to access the application's data.
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
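Review bot: step 3 "These actions are usually restricted to an authenticated user" contradicts step 1, where the tester is already logged in as a regular user; the point of the test is that the `/user/administrator` content should be restricted to an administrator (or to the profile's owner), so say that. "other user's profile details" should be "other users' profile details". The removed closing sentence "An attacker can bypass authentication or break session management to access the application's data." was the only impact statement in the PoC section; if it is intentionally moved elsewhere that is fine, but it should not be silently dropped with the screenshot rewording.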
Expand Up @@ -7,12 +7,12 @@ This vulnerability can lead to reputational damage and indirect financial loss t
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login to the application
1. Using an incognito tab or another browser, login using the same credentials
1. Log in to the application
1. Using an incognito tab or another browser, log in using the same credentials
1. Observe that both sessions remain valid

**Proof of Concept (PoC)**

The screenshots below show the concurrent logins:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
Expand Up @@ -10,14 +10,14 @@ This vulnerability can lead to reputational damage and indirect financial loss t

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Sign into a user’s account
1. Log in to a user’s account
1. Capture any authenticated request
1. Logout of the application
1. Log out of the application
1. Replay the request using the HTTP interception proxy
1. Observe that the application responds to the request

**Proof of Concept (PoC)**

The screenshot below shows the the application failing to invalidate the session:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
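Review bot: step 7 "Observe that the application responds to the request" is not a conclusive check, since the server responds to every replayed request, including with a 401 or a redirect to the login page. The observation should be that the replayed request still returns the authenticated content (for example the same 200 response body seen before step 5), because that is what proves the session was not invalidated on logout. Step 4 "Capture any authenticated request" should likewise ask for a request that only succeeds with a valid session, otherwise the replay proves nothing either way.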
Expand Up @@ -10,15 +10,15 @@ This vulnerability can lead to reputational damage and indirect financial loss t

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Sign into a user’s account
1. Log in to a user’s account
1. Capture any authenticated request
1. Change the email address associated with the account
1. Logout of the application
1. Log out of the application
1. Replay the request using the HTTP interception proxy
1. Observe that the application responds to the request

**Proof of Concept (PoC)**

The screenshot below shows the the application failing to invalidate the session:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
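Review bot: step 6 "Log out of the application" before the replay in step 7 makes this template indistinguishable from the "session not invalidated on logout" one: if the replay fails, the reader cannot tell whether the logout or the email change invalidated the session. For an email-change test, replay the captured request immediately after step 5 (without logging out) and observe that it still returns authenticated content; the logout step belongs to the other template.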
Expand Up @@ -8,15 +8,15 @@ This vulnerability could lead to data theft through the attacker’s ability to

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Sign into a user’s account
1. Log in to a user’s account
1. Perform {{action}} to see the session token in the URL or form field:

{{screenshot}}

1. Perform {{action}} to send the request in an incognito browser and login using the same user credentials
1. Perform {{action}} to send the request in an incognito browser and log in using the same user credentials

**Proof of Concept (PoC)**

The screenshot(s) below shows the full exploit:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
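Review bot: the `{{screenshot}}` placeholder after step 4 is not indented under the list item, so in CommonMark it ends the numbered list and step 5 ("Perform {{action}} to send the request in an incognito browser and log in ...") renders as a new list starting at 1; indent it by four spaces. The steps also end without an observation: unlike the other templates there is no "Observe that the session token seen in step 4 is still accepted after login" step, which is the actual fixation condition, so the PoC section never states what the screenshots have to show.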
Expand Up @@ -11,7 +11,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat
**Steps to Reproduce**

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to login to the application at: {{URL}}
1. Use a browser to log in to the application at: {{URL}}
1. Navigate to the following URL and submit the form: {{URL}}
1. Use the HTTP interception proxy to intercept the request triggered by the form
1. Modify the request with the following CSRF POC code:
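Review bot: step 5 "Modify the request with the following CSRF POC code" should use "PoC", matching the "**Proof of Concept (PoC)**" heading used throughout these templates. Steps 2 and 3 both use `{{URL}}` although they refer to two different pages (the login page and the page with the form); distinct placeholders such as `{{login URL}}` and `{{form URL}}` would stop authors filling both with the same value.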
Expand Up @@ -9,7 +9,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
**Steps to Reproduce**

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to the following URL and login: {{URL}}
1. Use a browser to navigate to the following URL and log in: {{URL}}
1. Update the local storage on your browser to contain the cookie: {{parameter}}
1. Forward the following request to the endpoint:

Expand All @@ -21,6 +21,6 @@ XSS could lead to data theft through the attacker’s ability to manipulate data

**Proof of Concept (PoC)**

Below is a screenshot demonstrating the injected JavaScript executing:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
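Review bot: step 3 "Update the local storage on your browser to contain the cookie: {{parameter}}" conflates two storage mechanisms; a cookie lives in the browser's cookie jar (set via the response or `document.cookie`), not in localStorage. Say which one the template means, e.g. "Set the cookie {{parameter}} in your browser" or "Set the localStorage key {{parameter}}". The new PoC line also drops "demonstrating the injected JavaScript executing", which is the one thing an XSS screenshot has to show; keep that wording rather than the generic "demonstrate(s) the vulnerability".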
Expand Up @@ -9,7 +9,7 @@ Flash-based XSS could lead to data theft through the attacker’s ability to man
**Steps to Reproduce**

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to the following URL and login: {{URL}}
1. Use a browser to navigate to the following URL and log in: {{URL}}
1. Upload the following flash file: {{.SWF}}
1. Forward the following request to the endpoint:

Expand All @@ -21,6 +21,6 @@ Flash-based XSS could lead to data theft through the attacker’s ability to man

**Proof of Concept (PoC)**

Below is a screenshot demonstrating the injected JavaScript executing:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
Expand Up @@ -9,7 +9,7 @@ Self-reflected XSS could lead to data theft through the attacker’s ability to
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login as a user
1. Log in as a user
1. Insert the following JavaScript payload:

```JavaScript
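Review bot: step 3 "Insert the following JavaScript payload:" does not say where; the reflected parameter or input field is the key detail of a self-reflected XSS report, so add a placeholder such as "Insert the following JavaScript payload into {{parameter}}:" while this list is being edited.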
Expand Up @@ -18,12 +18,12 @@ Stored XSS could lead to data theft through the attacker’s ability to manipula
{{request}}
```

1. Log into a privileged account (User A) and navigate to {{url}} which contains the payload
1. Log in to a privileged account (User A) and navigate to {{url}} which contains the payload
1. Observe the JavaScript payload being executed, capturing the cookies of User A
1. Logout of User A’s account
1. Log out of User A’s account

**Proof of Concept (PoC)**

Below is a screenshot demonstrating the injected JavaScript executing at the vulnerable endpoint, {{URL}}:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
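Review bot: step 4 uses `{{url}}` while the rest of the file (and the removed PoC line) use `{{URL}}`; placeholder names are matched literally by anyone substituting them, so use `{{URL}}` here too. The new generic PoC sentence also drops "executing at the vulnerable endpoint, {{URL}}", which was the only place the endpoint was named in the PoC section.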
Expand Up @@ -9,7 +9,7 @@ Self-stored XSS could lead to data theft through the attacker’s ability to man
**Steps to Reproduce**

1. Use a browser to navigate to: {{URL}}
1. Login as a user
1. Log in as a user
1. Insert the following JavaScript payload:

```JavaScript
@@ -1,4 +1,4 @@
Browsers implement features such as autocomplete to offer form filling features for end users. Autocomplete is an HTML attribute that saves previously entered text within the input Document Object Model (DOM) fields. An attacker can leverage the cached input for this application locally to login as a user or expose critical pieces of data.
Browsers implement features such as autocomplete to offer form filling features for end users. Autocomplete is an HTML attribute that saves previously entered text within the input Document Object Model (DOM) fields. An attacker can leverage the cached input for this application locally to log in as a user or expose critical pieces of data.

**Business Impact**

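Review bot: "Autocomplete is an HTML attribute that saves previously entered text within the input Document Object Model (DOM) fields" attributes the saving to the attribute; the browser stores and re-offers the values, and the `autocomplete` attribute only tells it whether it may do so for a given field. Suggest "The `autocomplete` HTML attribute controls whether the browser may store and re-offer previously entered values for an input field", which also makes the remediation (disabling it on sensitive fields) follow from the description.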
Expand All @@ -13,6 +13,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t

**Proof of Concept (PoC)**

The screenshots below demonstrate the autocomplete enabled:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
@@ -1,4 +1,4 @@
Browsers implement features such as autocorrect to offer predictive spelling and grammar features for end users. The applications implementation of autocorrect for sensitive fields can enable an attacker with local access to login as a user, or leverage critical pieces of information to impersonate the user or make requests on their behalf.
Browsers implement features such as autocorrect to offer predictive spelling and grammar features for end users. The applications implementation of autocorrect for sensitive fields can enable an attacker with local access to log in as a user, or leverage critical pieces of information to impersonate the user or make requests on their behalf.

**Business Impact**

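Review bot: "The applications implementation of autocorrect" needs an apostrophe, "The application's implementation"; since this line is already being edited for "login" to "log in", fix it in the same change.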
Expand All @@ -14,6 +14,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t

**Proof of Concept (PoC)**

The screenshots below demonstrate the autocorrect enabled on a sensitive field:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
@@ -1,4 +1,4 @@
The password field for the login form of the application reveals the password in plaintext. An attacker with local access can shoulder surf or otherwise tailgate a user and watch them login to the application. From here, an attacker could login as a user to impersonate them or make requests on their behalf.
The password field for the login form of the application reveals the password in plaintext. An attacker with local access can shoulder surf or otherwise tailgate a user and watch them log in to the application. From here, an attacker could log in as a user to impersonate them or make requests on their behalf.

**Business Impact**

Expand All @@ -14,6 +14,6 @@ This vulnerability can lead to reputational damage and indirect financial loss t

**Proof of Concept (PoC)**

The screenshots below demonstrate the password field rendering in plaintext:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
Expand Up @@ -8,11 +8,11 @@ This vulnerability can lead to reputational damage and indirect financial loss t

1. Use a browser to navigate to: {{URL}}
1. Enter username and password within the login form and submit
1. Logout of application and navigate back to the login page
1. Log out of application and navigate back to the login page
1. Observe that the username and password is saved

**Proof of Concept (PoC)**

The screenshots below demonstrate the password saved in the input field:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}
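Review bot: step 4 "Observe that the username and password is saved" should read "are saved" (compound subject), and step 3 "Log out of application" is missing "the" ("Log out of the application"), which is the wording used for the same step elsewhere in this PR.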
@@ -1,4 +1,4 @@
The user’s password is kept in memory after the application has ceased utilizing it. An attacker can abuse this to read the user password in memory and login as the user, impersonate them, or make requests on their behalf.
The user’s password is kept in memory after the application has ceased utilizing it. An attacker can abuse this to read the user password in memory and log in as the user, impersonate them, or make requests on their behalf.

**Business Impact**

Expand All @@ -14,6 +14,6 @@ This vulnerability can lead to reputational damage for the business due to a los

**Proof of Concept (PoC)**

You can observe the plaintext password that remained in memory after utilization below:

{{screenshot}}
The screenshot(s) below demonstrate(s) the vulnerability:
>
> {{screenshot}}