Merged
12 changes: 10 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -18,7 +18,12 @@ jobs:
- name: Link Checker
uses: lycheeverse/lychee-action@v2.6.1
with:
args: --no-progress --max-retries 5 --exclude-path './docs/archive/' './docs/**/*.md'
args: >-
--no-progress
--max-retries 5
'./docs/*.md'
'./docs/introduction/*.md'
'./docs/the-top-10/*.md'
fail: true
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
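Review bot: replacing `'./docs/**/*.md'` plus `--exclude-path './docs/archive/'` with three explicit folder globs flips link checking from opt-out to opt-in, so any Markdown added under a new `docs/` subfolder will silently go unchecked, and `docs/archive/` is now skipped only as a side effect of nothing outside the three listed folders being scanned. If the goal is only to skip the archive, keeping the recursive glob with the `--exclude-path` is the safer shape; if the allow-list is intentional, a comment above `args:` saying so will stop the next contributor from "fixing" it back. The switch to a `>-` folded scalar is fine: it joins the lines with single spaces into one argument string, so the quoted globs reach lychee the same way the old single-line form did.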
Expand All @@ -34,7 +39,10 @@ jobs:
uses: DavidAnson/markdownlint-cli2-action@v20.0.0
with:
config: '.markdownlint.yaml'
globs: './docs/**/*.md'
globs: |
'./docs/*.md'
'./docs/introduction/*.md'
'./docs/the-top-10/*.md'

spell_checker:
name: Check spelling
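Review bot: same opt-in concern as the Link Checker step above: `globs:` now lists three folders, so lint coverage for any new `docs/` subfolder has to be added by hand. markdownlint-cli2 accepts negated globs prefixed with `!`, so `'./docs/**/*.md'` followed by `'!./docs/archive/**'` keeps the recursive default and excludes only the archive, which matches what the old lychee `--exclude-path` expressed.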
2 changes: 2 additions & 0 deletions .lycheeignore
@@ -0,0 +1,2 @@
# the HashiCorp Vault is complaining with Too Many Requests
https://developer.hashicorp.com/vault
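Review bot: `.lycheeignore` entries are regular expressions, so `https://developer.hashicorp.com/vault` also silences every deeper URL under that prefix (and the unescaped dots match any character), meaning a Vault docs page that later 404s will never fail CI. Since the comment says the problem is HTTP 429 Too Many Requests rather than a broken link, a narrower fix is to keep the URL checked and let the step tolerate the rate limit, e.g. via lychee's `--accept` status-code list or a larger `--retry-wait-time` next to the existing `--max-retries 5`; if the ignore stays, anchoring it (`^https://developer\.hashicorp\.com/vault$`) limits the blast radius, and the comment reads better as "returns 429 Too Many Requests".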
4 changes: 3 additions & 1 deletion .spellcheck.yaml
Expand Up @@ -17,5 +17,7 @@ matrix:
- code
- pre
sources:
- 'docs/**/*.md'
- 'docs/*.md'
- 'docs/introduction/*.md'
- 'docs/the-top-10/*.md'
default_encoding: utf-8
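Review bot: the same three-path list (`docs/*.md`, `docs/introduction/*.md`, `docs/the-top-10/*.md`) now lives in `.github/workflows/ci.yml` twice and here, with nothing tying them together; when a folder is added to one it will be forgotten in the others. A one-line comment above `sources:` pointing at the other two locations (or, as suggested on the ci.yml hunks, keeping `docs/**/*.md` with an explicit archive exclusion) keeps the three checks from drifting apart.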
1 change: 1 addition & 0 deletions .wordlist.txt
Expand Up @@ -273,6 +273,7 @@ Jaskirat
Kron
Lukas
Weichselbaum
XXE
cowsecurity
joonakokkola
untracked
4 changes: 1 addition & 3 deletions docs/introduction/in-the-news.md
Expand Up @@ -23,10 +23,8 @@ Introduction of the OWASP Top 10 Proactive Controls v4 and switch to new wiki sy

## 2019

- \[July 2019\] Featured in Coursera course from UCDavies
[Identifying Security Vulnerabilities](https://www.coursera.org/directory/videos?courseId=V1k0pBtIEemZRAqH7m9oGA)
- \[July 2019\] Featured in Coursera course from UCDavies: Identifying Security Vulnerabilities
- \[23 June 2019\] Featured on HackerCombat: [Implement OWASP Proactive Controls to Work](https://hackercombat.com/implement-owasp-proactive-controls-to-work/)
- \[7 June 2019\] Feature on OWASP DevSlop Show [Proactive Controls](https://www.youtube.com/watch?v=Jdb3qweDc_Q)
- \[15 May 2019\] Featured in TechBeacon: [Put OWASP Top 10 Proactive Controls to work](https://techbeacon.com/security/put-owasp-top-10-proactive-controls-work)
- \[2 Mar 2019\] Webinar: [The OWASP Top Ten Proactive Controls with Jim Manico](https://www.youtube.com/watch?v=ldXe8f5yVq8)

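Review bot: the Coursera entry is the only item in this list that loses its link rather than getting a replacement, so the reader is left with no way to find the course; if the old `courseId` URL is dead, a link to the course's landing page (or a note that the course is no longer offered) would be better than dropping the reference outright. While this line is being touched, "UCDavies" should read "UC Davis" (University of California, Davis).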
2 changes: 1 addition & 1 deletion docs/the-top-10/c2-crypto.md
Expand Up @@ -120,7 +120,7 @@ If the application needs to support high availability, design key-rollover proce
- [OWASP O-Saft TLS Tool](https://www.owasp.org/index.php/O-Saft) - TLS connection testing tool
- [GitRob](https://github.com/michenriksen/gitrob) - Command line tool to find sensitive information in publicly available files on GitHub
- [TruffleHog](https://github.com/dxa4481/truffleHog) - Searches for secrets accidentally committed
- [Hashicorp Vault](https://www.vaultproject.io/) - Secrets manager
- [Hashicorp Vault](https://developer.hashicorp.com/vault) - Secrets manager
- [Amazon KMS](https://aws.amazon.com/kms/) - Manage keys on AWS
- [AWS Secrets Manager](https://aws.amazon.com/secrets-manager) - Manage secrets on AWS
- [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault) - Manage keys and secrets on Azure
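Review bot: the new Vault URL `https://developer.hashicorp.com/vault` is exactly the pattern this PR adds to `.lycheeignore`, so this is the one link in the hunk that CI will never verify; please confirm it resolves by hand and note that in the commit. Also, the unchanged context line above it still points O-Saft at `https://www.owasp.org/index.php/O-Saft`, the same legacy wiki host that the Testing Guide fix in `c3-validate-input-and-handle-exceptions.md` replaces; it deserves the same treatment in this PR rather than waiting for the next link-checker failure.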
2 changes: 1 addition & 1 deletion docs/the-top-10/c3-validate-input-and-handle-exceptions.md
Expand Up @@ -142,7 +142,7 @@ If that is not possible then consider a series of validation defenses when proce
Regarding Input Validation:

- [OWASP Cheat Sheet: Input Validation](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
- [OWASP Testing Guide: Testing for Input Validation](https://www.owasp.org/index.php/Testing_for_Input_Validation)
- [OWASP Testing Guide: Testing for Input Validation](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README)
- [OWASP Cheat Sheet Series: DOM based XSS Prevention](https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html)
- [Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html)
- [Injection Prevention Cheat Sheet in Java](https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html)
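Review bot: the link text still says "OWASP Testing Guide" while the target is now the Web Security Testing Guide input-validation chapter; updating the text to "OWASP Web Security Testing Guide: Input Validation Testing" keeps the label honest. The `/stable/` path alias will keep resolving across releases, which is the right choice for a reference list, as long as the chapter number `07-Input_Validation_Testing` does not move; if that is a concern, the version-pinned path is the alternative.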
2 changes: 1 addition & 1 deletion docs/the-top-10/c5-secure-by-default.md
Expand Up @@ -41,7 +41,7 @@ As part of software development, a developer needs to ensure that software is co
## References

- OWASP Cheat Sheet: [Infrastructure as Code Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Infrastructure_as_Code_Security_Cheat_Sheet.html)
- OWASP ASVS: [Application Security Verification Standard V14 Configuration](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x22-V14-Config.md)
- OWASP ASVS: [Application Security Verification Standard V14 Configuration](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x22-V13-Configuration.md)
- [Cloud security guidance - NCSC.GOV.UK](https://www.ncsc.gov.uk/collection/cloud-security)

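Review bot: the link target changes from `0x22-V14-Config.md` to `0x22-V13-Configuration.md` but the link text still reads "V14 Configuration", so the label now disagrees with the chapter it points to; change the text to "Application Security Verification Standard V13 Configuration" in the same hunk. Since the chapter was renumbered between ASVS versions, pinning the URL to a release tag instead of `master` would also stop this reference from breaking again on the next reorganisation.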
## Tools
2 changes: 1 addition & 1 deletion docs/the-top-10/c9-security-logging-and-monitoring.md
Expand Up @@ -23,7 +23,7 @@ Use logging to identify activity that indicates that a user is behaving maliciou
- Submitted data that is outside of an expected numeric range.
- Submitted data that involves changes to data that should not be modifiable (select list, checkbox or other limited entry component).
- Requests that violate server-side access control rules.
- A more comprehensive list of possible detection points is available [here](https://cheatsheetseries.owasp.org/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html).
- A more comprehensive list of [possible detection points](https://cheatsheetseries.owasp.org/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html) is available.

When your application encounters such activity, your application should at the very least log the activity and mark it as a high severity issue. Ideally, your application should also respond to a possible identified attack, by for example invalidating the user’s session and locking the user’s account. The response mechanisms allow the software to react in realtime to possible identified attacks.
