Merge pull request #117 from tspascoal/main

david-a-wheeler · web-flow · commit 82571fd4dd16 · 2023-03-09T13:35:50.000-05:00
Fix minor typos.
diff --git a/google-doc.md b/google-doc.md
@@ -4,4 +4,4 @@ where this material was originally created.
 
 Please justify why you need it this unusual access; you almost certainly don't need it, since the content is the same.
 If you want to propose changes to the content, the preferred mechanism is
-via issues and pull requests bia GitHub.
+via issues and pull requests via GitHub.
diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md
@@ -2418,7 +2418,7 @@ but experience shows that the mistake *will* happen.
 
 > 😱 STORY TIME: Heartland Payment Systems / SQL Injection
 
-> In late 2007 attackers used a SQL injection attack to compromise the database of Heartland Payment Systems (aka "Heartland"). At the time Heartland processed 100 millino payment card transactions per month for 175,000 merchants. The attackers used the SQL injection to insert code into Web scripts used by the Web login page. The attackers eventually used this accept to install a spyware program called a 'sniffer' that captured the card data as payments were processed for several months in 2008. As a result, Heartland temporarily lost its compliance with the Payment Card Industry Data Security Standard (PCI DSS), which was required to implement their core business of processing card payments. Heartland reportedly had to pay $145 million in compensation for fraudulent payments (["Data Breach Directions: What to Do After an Attack" by Diane Ritchey](https://www.securitymagazine.com/articles/86071-data-breach-directions-what-to-do-after-an-attack)). They have since taken many steps to make their systems stronger and more robust to try to prevent a recurrence.
+> In late 2007 attackers used a SQL injection attack to compromise the database of Heartland Payment Systems (aka "Heartland"). At the time Heartland processed 100 million payment card transactions per month for 175,000 merchants. The attackers used the SQL injection to insert code into Web scripts used by the Web login page. The attackers eventually used this accept to install a spyware program called a 'sniffer' that captured the card data as payments were processed for several months in 2008. As a result, Heartland temporarily lost its compliance with the Payment Card Industry Data Security Standard (PCI DSS), which was required to implement their core business of processing card payments. Heartland reportedly had to pay $145 million in compensation for fraudulent payments (["Data Breach Directions: What to Do After an Attack" by Diane Ritchey](https://www.securitymagazine.com/articles/86071-data-breach-directions-what-to-do-after-an-attack)). They have since taken many steps to make their systems stronger and more robust to try to prevent a recurrence.
 
 🔔 SQL injection is a special case of injection attacks, and we have already noted that injection attacks are so common and dangerous that they are 2017 OWASP Top 10 #1. SQL injection specifically is such a common cause of security vulnerabilities that just SQL injection is 2021 CWE Top 25 #6 and 2019 CWE Top 25 #6. SQL injection is also identified as [CWE-89](https://cwe.mitre.org/data/definitions/89.html), *Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)*.
 
