From 1e4fada41f266569accfba8bd6076cd641c42599 Mon Sep 17 00:00:00 2001 From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Mon, 27 Nov 2023 15:22:58 +1000 Subject: [PATCH] Removed hyphen from clickjacking --- .../content_security_policy/template.md | 2 +- .../content_security_policy_report_only/template.md | 2 +- .../lack_of_security_headers/template.md | 2 +- .../x_content_security_policy/template.md | 2 +- .../lack_of_security_headers/x_frame_options/template.md | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy/template.md index 03541186..bcbaecd4 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of the HTTP response header for Content Security Policy (CSP) can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and click-jacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page. +A lack of the HTTP response header for Content Security Policy (CSP) can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and clickjacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page. An advanced attacker can leverage a missing `Content-Security-Policy` header to launch XSS attacks and execute malicious code in a user’s browser. diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/template.md index 04356098..36a3dec6 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of the HTTP response header for `Content-Security-Policy-Report-Only` can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS) and click-jacking attacks without being detected. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy-Report-Only` security header allows for a report to be generated each time the browser detects a violation from the Content Security Policy (CSP). +A lack of the HTTP response header for `Content-Security-Policy-Report-Only` can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS) and clickjacking attacks without being detected. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy-Report-Only` security header allows for a report to be generated each time the browser detects a violation from the Content Security Policy (CSP). An advanced attacker can leverage a missing `Content-Security-Policy-Report-Only` header to launch XSS attacks and execute malicious code in a user’s browser without detection. diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/template.md index 75879b6a..171272a9 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of HTTP response security headers can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS), Machine-in-the-Middle (MitM), click-jacking, and some local network attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. +A lack of HTTP response security headers can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS), Man-in-the-Middle (MitM), clickjacking, and some local network attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. An advanced attacker can leverage a missing security headers to bypass security controls of an application to execute code within a user's browser or capture data in transit. diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/template.md index 69699c5e..edd8ae20 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of the HTTP response header for `X-Content-Security-Policy` can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and click-jacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page. +A lack of the HTTP response header for `X-Content-Security-Policy` can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and clickjacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page. An advanced attacker can leverage a missing `X-Content-Security-Policy` header to launch XSS attacks and execute malicious code in a user’s browser. diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_frame_options/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_frame_options/template.md index 8fec6a62..ee36b3a7 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_frame_options/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_frame_options/template.md 
@@ -4,11 +4,11 @@ A lack of the HTTP response header for `X-Frame-Options` can lead to sensitive user data being retrieved by an attacker. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Frame-Options` security header is used to instruct a browser whether it should or should not render an `
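Review bot: The `lack_of_security_headers/template.md` hunk changes more than the subject line "Removed hyphen from clickjacking" states: besides `click-jacking` -> `clickjacking`, it also rewrites `Machine-in-the-Middle (MitM)` to `Man-in-the-Middle (MitM)`. Either widen the commit message to mention the MitM expansion fix or split it into its own commit so the history matches the diff. While this paragraph is being touched, the retained context sentence `An advanced attacker can leverage a missing security headers to bypass security controls` has an article/number mismatch; suggest `can leverage missing security headers`.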
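Review bot: In both the `content_security_policy/template.md` and `x_content_security_policy/template.md` hunks, the unchanged context sentence says the header `allows admins to permissively control the types of resources allowed to load for a page`. "Permissively" reads as the opposite of what the sentence describes, since the policy is an allow-list that restricts which sources may load; suggest `allows admins to restrict the types of resources allowed to load for a page`, applied to both templates so their wording stays in sync.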
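Review bot: The `content_security_policy_report_only/template.md` hunk keeps the opening claim that a missing `Content-Security-Policy-Report-Only` header `can lead to sensitive user data being retrieved by an attacker`, while the same paragraph describes the header as one that only `allows for a report to be generated each time the browser detects a violation`. A report-only header does not block anything, so the first sentence overstates the impact; narrow it to the detection gap the last sentence already names, e.g. `means XSS and clickjacking attempts against users go unreported`, so the template is consistent with itself.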