Fix typos (#29)

kianmeng · web-flow · commit af06249f6cfd · 2022-09-02T07:24:28.000-07:00
Found via `codespell .`
diff --git a/modules/1-introduction.livemd b/modules/1-introduction.livemd
@@ -36,9 +36,9 @@ Spread throughout the Training material, you will find sections labeled <span st
 
 ### Auto-grader
 
-Meticulous care has been put into the <span style="color:red;">**Quiz**</span> questions thus far in order to allow for programmatic grading of answers. This has been done to accomodate the usage of these Training materials en masse for organizations to level up the entirety of their Engineering teams.
+Meticulous care has been put into the <span style="color:red;">**Quiz**</span> questions thus far in order to allow for programmatic grading of answers. This has been done to accommodate the usage of these Training materials en masse for organizations to level up the entirety of their Engineering teams.
 
-As such, each <span style="color:red;">**Quiz**</span> question is very specific about what to change and what not to change in the code sample - this is to maintain the integrity of the grader and provide immediate feedback to the taker if they succeeded or not. **Please do not unneccessarily change the code examples more than what is asked of you in the question!**
+As such, each <span style="color:red;">**Quiz**</span> question is very specific about what to change and what not to change in the code sample - this is to maintain the integrity of the grader and provide immediate feedback to the taker if they succeeded or not. **Please do not unnecessarily change the code examples more than what is asked of you in the question!**
 
 ## Training Modules
 
diff --git a/modules/2-owasp.livemd b/modules/2-owasp.livemd
@@ -139,7 +139,7 @@ Notable CWEs included are CWE-79: Cross-site Scripting, CWE-89: SQL Injection, a
 
 * Don't blindly trust user input.
 * Use an allowlist if functionality permits.
-  * Denylists are an acceptable ancilliary protection, but they should not be the only form of protection for user input as there is no way to unilaterally protect against all malicious input possibilities.
+  * Denylists are an acceptable ancillary protection, but they should not be the only form of protection for user input as there is no way to unilaterally protect against all malicious input possibilities.
 * Use a safe API, namely use the [Ecto](https://hexdocs.pm/ecto/Ecto.html) library as its queries use parameterized inputs by default.
 * Use server-side input validation.
   * This is not a complete defense as many applications require special characters, such as text areas or APIs for mobile applications.
@@ -210,7 +210,7 @@ Notable CWEs included are CWE-16 Configuration and CWE-611 Improper Restriction
 
 ### Description
 
-Vulnerable Components are a known issue that we struggle to test and assess risk of. Purely having outdated components does not inherently open you up to exploitation, but the likelihood is increased (moreso if there is an identified vulnerability associated with a component).
+Vulnerable Components are a known issue that we struggle to test and assess risk of. Purely having outdated components does not inherently open you up to exploitation, but the likelihood is increased (more so if there is an identified vulnerability associated with a component).
 
 You are likely vulnerable:
 
@@ -329,7 +329,7 @@ Notable CWES include CWE-778 Insufficient Logging to include CWE-117 Improper Ou
 ### Prevention
 
 * Ensure all login, access control, and server-side input validation failures can be logged with sufficient user context to identify suspicious or malicious accounts and held for enough time to allow delayed forensic analysis.
-  * Do not add unneccessary PII/PHI to logs - only the bare minimum needed to establish context.
+  * Do not add unnecessary PII/PHI to logs - only the bare minimum needed to establish context.
 * Ensure that logs are generated in a format that log management solutions can easily consume.
 * Ensure log data is encoded correctly to prevent injections or attacks on the logging or monitoring systems.
 * Ensure high-value transactions have an audit trail with integrity controls to prevent tampering or deletion, such as append-only database tables or similar.
diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd
@@ -17,7 +17,7 @@ Welcome to Part 3! This section is dedicated to discussing some of the more abst
 
 While it may seem obvious, having secrets such as passwords or auth_tokens hard coded in your files is a big yikes! Even if you catch it later, more than likely your code has been uploaded to a Version Control System and is now in your commit history - which can be [scary / difficult to undo](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository).
 
-More than that, while it may be convienent for testing / building typically in production you don't care about those secrets anyways - so you might as well incorporate them securely from the get go!
+More than that, while it may be convenient for testing / building typically in production you don't care about those secrets anyways - so you might as well incorporate them securely from the get go!
 
 ### Prevention
 
diff --git a/modules/5-elixir.livemd b/modules/5-elixir.livemd
@@ -105,7 +105,7 @@ Plainly speaking, response time it takes to compute a given function measured at
 
 This technique is primarily used to analyze string comparisons of secret values to brute-force the identify of the secret.
 
-e.g. When comparing two strings, the function exits when variation is detected. Take a secret value `MY_SECRET` and a user input `MY_PASSWORD`, the string compariosn (`MY_PASSWORD == MY_SECRET`) would go character by character until there's a complete match or a discrepency. So if the new input was `MY_SAUCE`, that new string would take marginally longer to compare against the secret than `MY_PASSWORD` because of one more similar character as `MY_SECRET`.
+e.g. When comparing two strings, the function exits when variation is detected. Take a secret value `MY_SECRET` and a user input `MY_PASSWORD`, the string compariosn (`MY_PASSWORD == MY_SECRET`) would go character by character until there's a complete match or a discrepancy. So if the new input was `MY_SAUCE`, that new string would take marginally longer to compare against the secret than `MY_PASSWORD` because of one more similar character as `MY_SECRET`.
 
 ### Prevention
 
diff --git a/modules/9-secure-road.livemd b/modules/9-secure-road.livemd
@@ -42,7 +42,7 @@ In the event of a token exposure in situation B, you would simple have to rotate
 
 ## Example: User Authorization
 
-Consider a system that utilizes [Role Based Access Control](https://auth0.com/docs/manage-users/access-control/rbac) as its users authorization paradigm. When building out new product functionality that you only want the most priviledged role type(s) to be able to perform, would it be better to:
+Consider a system that utilizes [Role Based Access Control](https://auth0.com/docs/manage-users/access-control/rbac) as its users authorization paradigm. When building out new product functionality that you only want the most privileged role type(s) to be able to perform, would it be better to:
 
 A) Create an allowlist with explicitly approved roles defined that is checked against when a request comes through or;
 
