Commit 42668e3

committed
Clean up security articles
1 parent ee258a9 commit 42668e3

3 files changed

+21
-19
lines changed

umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/README.md

Lines changed: 13 additions & 13 deletions
@@ -30,20 +30,20 @@ Learn more about how this in the [Manage Security](managing-transport-security.m
3030

3131
Umbraco Cloud Websites support the following TLS ciphers in this order:
3232

33-
* TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384
34-
* TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA256
35-
* TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA
36-
* TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA
37-
* TLS\_DHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384
38-
* TLS\_DHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256
39-
* TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA
40-
* TLS\_DHE\_RSA\_WITH\_AES\_128\_CBC\_SHA
33+
* `TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384`
34+
* `TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA256`
35+
* `TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA`
36+
* `TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA`
37+
* `TLS\_DHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384`
38+
* `TLS\_DHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256`
39+
* `TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA`
40+
* `TLS\_DHE\_RSA\_WITH\_AES\_128\_CBC\_SHA`
4141

4242
The different Ciphers can be enabled or disabled on the security project settings page for your Cloud projects.
4343

4444
<figure><img src="../../../.gitbook/assets/image (7) (1) (1).png" alt=""><figcaption><p>Enable or disable TLS Ciphers</p></figcaption></figure>
4545

46-
### HSTS - HTTP Strict Transport Security
46+
### HTTP Strict Transport Security (HSTS)
4747

4848
It's possible to enforce HSTS: [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) by adding the headers to your website. This grants Umbraco Cloud Websites an A+ security rating on sslabs (March 2020).
4949
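Review bot: the new cipher list items on lines 33-40 wrap each name in backticks but keep the `\_` escapes, and Markdown does not process backslash escapes inside a code span, so the names will render with literal backslashes (`TLS\_ECDHE\_RSA\_...`). Drop the backslashes inside the backticks, for example `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, so readers can copy the names directly when comparing them against a scanner report or a client configuration.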

@@ -90,7 +90,7 @@ In order to integrate older external applications to access Umbraco Cloud Websit
9090

9191
For ASP.NET applications, inspect the `<system.web><httpRuntime targetFramework>` element of web.config to find the version of the .NET Framework your application is using. .NET applications on .NET 4.7+ are using the OS specified TLS protocols. In Windows 8 & 10, Windows Server 2012 & 2016 TLS 1.2+ is used by default, therefore no actions necessary. .NET applications lower then 4.7 require updates to ensure they can communicate using TLS 1.2 by default.
9292

93-
More information specifically from Microsoft about .Net applications and Transport Layer Security (TLS) support can be found [in Microsoft's official docs](https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#audit-your-code-and-make-code-changes). For other application frameworks/languages we encourage to lookup their respective documentations.
93+
More information specifically from Microsoft about .Net applications and Transport Layer Security (TLS) support can be found [in Microsoft's official documentation](https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#audit-your-code-and-make-code-changes). For other application frameworks/languages we encourage to lookup their respective documentations.
9494

9595
### HTTP
9696
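Review bot: line 93 is touched only to change "docs" to "documentation", but the same line still has ".Net" where line 91 uses ".NET", and the closing sentence "we encourage to lookup their respective documentations" is missing its object. Since the line is already being edited, suggest ".NET applications" and "we encourage you to look up their respective documentation".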

@@ -111,13 +111,13 @@ Umbraco Cloud offers a multitude of features allowing you to block access to dif
111111
* Basic Authentication allows access to the Backoffice & Frontend of Umbraco Cloud Websites for authenticated users only.
112112

113113
{% hint style="info" %}
114-
Basic authentication will not be available for projects running Umbraco 9. It is available for Umbraco Cloud version 10 (and newer) versions, however, the users are currently unable to exclude IP addresses for authentication using the allowlist feature.
114+
Basic authentication will not be available for projects running Umbraco 9. It is available from Umbraco Cloud version 10. The users are currently unable to exclude IP addresses for authentication using the allowlist feature.
115115
{% endhint %}
116116

117117
* IP based list allowing access to Frontend & Backoffice
118118
* IP based list allowing access to website database
119119

120-
### Web Application Firewall
120+
### Web Application Firewall (WAF)
121121

122122
WAF is or can be enabled on the custom hostname(s) you add to your Umbraco Cloud project. [Learn more about how this feature works and helps to secure your websites](web-application-firewall.md).
123123
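Review bot: the rewritten hint on line 114 says basic authentication is available "from Umbraco Cloud version 10" directly after a sentence about "Umbraco 9", so it is unclear whether the number refers to the CMS version or the platform; use the same product name in both sentences. Splitting the sentence also removed "however", so the allowlist limitation now reads as a standalone statement rather than a caveat on version 10 and newer. Something like "On these versions, users cannot yet exclude IP addresses from authentication using the allowlist feature" keeps the scope clear.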

@@ -135,7 +135,7 @@ For more information see [the related GitHub issue](https://github.com/Azure/app
135135

136136
## Deny specific IPs from accessing your website
137137

138-
You can block people and bots(e.g. a malicious scanning bot) from accessing your website by adding their IP addresses to a deny-list.
138+
You can block people and bots(like a malicious scanning bot) from accessing your website by adding their IP addresses to a deny-list.
139139

140140
The following rule can be added to your web.config file in the `system.webServer/rewrite/rules/` section.
141141
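Review bot: line 138 replaces "e.g." with "like" but keeps the missing space before the parenthesis in "bots(like a malicious scanning bot)". Suggest "people and bots (like a malicious scanning bot)".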

umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/managing-transport-security.md

Lines changed: 6 additions & 4 deletions
@@ -1,6 +1,6 @@
11
# Managing Transport Security
22

3-
Once you have added your custom hostnames to your Umbraco Cloud project, it's possible to configure certain transport security options for all or specific custom hostnames within your project. These security options all relate to the traffic that goes through your hostname from the origin (Umbraco Cloud) to the end-user - meaning the protocols and encryption used to transport your website and assets from the webserver to the browser.
3+
Once you have added your custom hostnames to your Umbraco Cloud project, it's possible to configure certain transport security options for your custom hostnames. These options all relate to the traffic that goes through your hostname from the origin (Umbraco Cloud) to the end-user. This includes the protocols and encryption used to transport your website and assets from the webserver to the browser.
44

55
Currently, these options are available:
66
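Review bot: the rewrite of line 3 drops "for all or specific custom hostnames", which was the only statement in the introduction that the options can be applied to every hostname or to selected ones. The Security page is later described as divided into default settings and **Hostname Specific Settings**, so consider keeping that distinction here, for example "for all of your custom hostnames or for specific ones".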

@@ -16,11 +16,13 @@ When a new custom hostname is added to a Project it will have the default settin
1616

1717
## HTTP/2 Explained
1818

19-
The first usable version of HTTP was created in 1997. Because it went through different stages of development, this first version of HTTP was called HTTP/1.1. This version is still in use on the web. In 2015, a new version of HTTP called HTTP/2 was created. HTTP/2 progressively enhances your website’s performance. When a browser supports HTTP/2, Umbraco Cloud will take full advantage of HTTP/2 performance benefits end to end. For older browsers or non-HTTPS requests, the traffic will fall back to HTTP/1.1. You don’t need to choose between better performance and backward compatibility, which is why HTTP/2 is enabled by default for all new custom hostnames added to a Umbraco Cloud project.
19+
The first usable version of HTTP was created in 1997. Because it went through different stages of development, this first version of HTTP was called HTTP/1.1. This version is still in use on the web. In 2015, a new version of HTTP called HTTP/2 was created. HTTP/2 progressively enhances your website’s performance. When a browser supports HTTP/2, Umbraco Cloud will take full advantage of HTTP/2 performance benefits end to end. For older browsers or non-HTTPS requests, the traffic will fall back to HTTP/1.1.
20+
21+
You don’t need to choose between better performance and backward compatibility. This is why HTTP/2 is enabled by default for all new custom hostnames added to a Umbraco Cloud project.
2022

2123
## TLS 1.3 Explained
2224

23-
Transport Layer Security (TLS) TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol. SSL/TLS is the protocol that encrypts communication between users and your website. When web traffic is encrypted with TLS, users will see the green padlock in their browser window. By turning on the TLS 1.3 option, traffic to and from your website will be served over the TLS 1.3 protocol when supported by clients. TLS 1.3 protocol has improved latency over older versions, has several new features, and is currently supported in both Chrome (starting with release 66), Firefox (starting with release 60), and in development for Safari and Edge browsers.
25+
Transport Layer Security (TLS) TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol. SSL/TLS is the protocol that encrypts communication between users and your website. When web traffic is encrypted with TLS, users will see the green padlock in their browser window. By turning on TLS 1.3, traffic to and from your website will be served over the TLS 1.3 protocol when supported by clients. The TLS 1.3 protocol has improved latency, new features, and is supported in Chrome (starting with release 66), Firefox (starting with release 60).
2426

2527
## Minimum TLS Version Explained
2628
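Review bot: on line 25, removing the Safari and Edge clause left the browser list without a conjunction: "supported in Chrome (starting with release 66), Firefox (starting with release 60)." should read "Chrome (starting with release 66) and Firefox (starting with release 60)". The same line still opens with the doubled "Transport Layer Security (TLS) TLS 1.3", and new line 21 has "a Umbraco Cloud project" where "an" is expected.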

@@ -68,7 +70,7 @@ Aside from the environments, the Security page is divided into 'Default Settings
6870

6971
<figure><img src="../../../.gitbook/assets/security-settings.png" alt=""><figcaption><p>Security Settings Umbraco Cloud</p></figcaption></figure>
7072

71-
If you want to have different security options for different custom hostnames, then select the custom hostname under **Hostname Specific Settings** and adjust the options for that specific hostname. This might be useful if you want to test the different options on another custom hostname than your primary hostname.
73+
If you want to have different security options for different custom hostnames, select the custom hostname under **Hostname Specific Settings** and adjust the options. This might be useful if you want to test the different options on another custom hostname than your primary hostname.
7274

7375
<figure><img src="../../../.gitbook/assets/hostname-specific-settings.png" alt=""><figcaption><p>Hostname Specific settings</p></figcaption></figure>
7476
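Review bot: line 73 tightens the first sentence but leaves "on another custom hostname than your primary hostname" in the second, which is hard to parse. Suggest "on a custom hostname other than your primary hostname".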

umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/web-application-firewall.md

Lines changed: 2 additions & 2 deletions
@@ -6,14 +6,14 @@ description: >-
66

77
# Web Application Firewall
88

9-
A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. By acting as a shield between the web application and potential threats, it helps mitigate various common attacks such as cross-site scripting (XSS), SQL injection, and file inclusion.[ ](https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/)
9+
A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. By acting as a shield between the web application and potential threats, it helps mitigate common attacks. This could be attacks like cross-site scripting (XSS), SQL injection, and file inclusion.[ ](https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/)
1010

1111
## Umbraco Cloud WAF
1212

1313
Umbraco Cloud uses [Cloudflare’s Managed Rulesets](https://developers.cloudflare.com/waf/managed-rules/) which include pre-configured rules that provide immediate protection against a wide range of threats. These managed rulesets are regularly updated to defend against the latest vulnerabilities and attack techniques. The rulesets include protections against:
1414

1515
* **Zero-day vulnerabilities**: Newly discovered vulnerabilities that have not yet been patched.
16-
* **Top-10 attack techniques (logging only)**: Common attack methods identified by security organizations like OWASP.
16+
* **Top-10 attack techniques (logging only)**: Common attack methods identified by security organizations like Open Worldwide Application Security Project (OWASP).
1717

1818
WAF is enabled by default on each custom hostname. It is not available for the internal Cloud hostnames.
1919
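Review bot: line 9 still ends with a link whose text is a single space, `[ ](https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/)`, which renders as an invisible link; give it visible text as a citation or remove it. The new split "it helps mitigate common attacks. This could be attacks like ..." also reads awkwardly, and a single sentence ending "common attacks such as cross-site scripting (XSS), SQL injection, and file inclusion" is clearer. On line 16 the expansion needs an article: "like the Open Worldwide Application Security Project (OWASP)".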
