diff --git a/release-pt-br/03-introduction.md b/release-pt-br/03-introduction.md index c59a3c32..1ab496d5 100644 --- a/release-pt-br/03-introduction.md +++ b/release-pt-br/03-introduction.md @@ -47,7 +47,7 @@ OWASP Software Assurance Maturity Model ([SAMM][samm]) and describes the OWASP p referenced in the OWASP [Application Security Wayfinder][intstand] project. This guide does not seek to replicate the many excellent sources on specific security topics; -it will rarely tries to go into details on a subject and instead provides links for greater depth on these security topics. +it rarely tries to go into detail on a subject and instead provides links for greater depth on these security topics. Instead the content of the Developer Guide aims to be accessible, introducing practical security concepts and providing enough detail to get developers started on various OWASP tools and documents. diff --git a/release-pt-br/04-foundations/02-secure-development.md b/release-pt-br/04-foundations/02-secure-development.md index d9fb9bea..32eaa40c 100644 --- a/release-pt-br/04-foundations/02-secure-development.md +++ b/release-pt-br/04-foundations/02-secure-development.md @@ -165,7 +165,6 @@ There are many OWASP tools and resources to help build security into the SDLC. * [Nettacker][net] * [Offensive Web Testing Framework][owtf] (OWTF) * [Web Security Testing Guide][wstg] (WSTG) -* [Zed Attack Proxy][zap] (ZAP) #### OWASP training projects @@ -237,4 +236,3 @@ then [submit an issue][issue0402] or [edit on GitHub][edit0402]. [intstand]: https://owasp.org/www-project-integration-standards/ [webgoat]: https://owasp.org/www-project-webgoat/ [wstg]: https://owasp.org/www-project-web-security-testing-guide/ -[zap]: https://www.zaproxy.org/ diff --git a/release-pt-br/05-requirements/03-opencre.md b/release-pt-br/05-requirements/03-opencre.md index 2b54233e..04bfec7e 100644 --- a/release-pt-br/05-requirements/03-opencre.md +++ b/release-pt-br/05-requirements/03-opencre.md @@ -12,7 +12,7 @@ permalink: /release-pt-br/requirements/opencre_integration_standard/ {% include breadcrumb.html %} -[OpenCRE logo](../../../assets/images/logos/opencre.png "OWASP OpenCRE"){: height="180px" } +![OpenCRE logo](../../../assets/images/logos/opencre.png "OWASP OpenCRE"){: height="180px" } ### 3.3 OpenCRE @@ -48,7 +48,7 @@ This provides an overview of tools and techniques used for most SDLCs. * OWASP [Proactive Controls][proactiveocre] * OWASP [Cheat Sheets][csocre] * OWASP [WSTG][wstgocre] -* [ZAP][zapocre] from [Crash Override][crash] +* [ZAP][zapocre] The aim of this project is to 'Link all the things with OpenCRE' which will: @@ -105,7 +105,6 @@ then [submit an issue][issue0503] or [edit on GitHub][edit0503]. [asvs]: https://owasp.org/www-project-application-security-verification-standard/ [capecocre]: https://opencre.org/search/CAPEC -[crash]: https://crashoverride.com/ [csocre]: https://opencre.org/search/OWASP%20Cheat%20Sheets [cweocre]: https://opencre.org/search/CWE [cwe]: https://cwe.mitre.org/ diff --git a/release-pt-br/06-design/01-threat-modeling/01-threat-modeling.md b/release-pt-br/06-design/01-threat-modeling/01-threat-modeling.md index f542cc67..5362358b 100644 --- a/release-pt-br/06-design/01-threat-modeling/01-threat-modeling.md +++ b/release-pt-br/06-design/01-threat-modeling/01-threat-modeling.md @@ -20,7 +20,7 @@ Threat modeling is part of the [Threat Assessment][sammdta] security practice in Much of the material in this section is drawn from the OWASP [Threat Model project][tmproject], and the philosophy of this section tries to follow the [Threat Modeling Manifesto][tmmanifesto]. -[![TMM logo](../../../../assets/images/logos/tmmanifesto.png "OWASP TM Manifesto"){: height="60px" }][tmmanifesto] +![TMM logo](../../../../assets/images/logos/tmmanifesto.png "OWASP TM Manifesto"){: height="60px" } #### Overview diff --git a/release-pt-br/06-design/01-threat-modeling/02-pytm.md b/release-pt-br/06-design/01-threat-modeling/02-pytm.md index a0ccbebc..d7e14ee2 100644 --- a/release-pt-br/06-design/01-threat-modeling/02-pytm.md +++ b/release-pt-br/06-design/01-threat-modeling/02-pytm.md @@ -125,7 +125,7 @@ then [submit an issue][issue060102] or [edit on GitHub][edit060102]. [edit060102]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/06-design/01-threat-modeling/02-pytm.md [pytmrepo]: https://github.com/OWASP/pytm/ [pytmproject]: https://owasp.org/www-project-pytm/ -[pytmexample]: https://github.com/OWASP/pytm/blob/master/tm.py -[pytmreleases]: https://github.com/OWASP/pytm/releases +[pytmexample]:https://github.com/OWASP/pytm/blob/master/tm.py +[pytmreleases]:https://github.com/OWASP/pytm/releases [spotlight06]: https://youtu.be/oTqkPaEbTnE [TMchap4]: https://www.oreilly.com/library/view/threat-modeling/9781492056546/ch04.html diff --git a/release-pt-br/07-implementation/02-dependencies/01-dependency-check.md b/release-pt-br/07-implementation/02-dependencies/01-dependency-check.md index 0ee26ddb..91e64a5c 100644 --- a/release-pt-br/07-implementation/02-dependencies/01-dependency-check.md +++ b/release-pt-br/07-implementation/02-dependencies/01-dependency-check.md @@ -12,7 +12,7 @@ permalink: /release-pt-br/implementation/dependencies/dependency_check/ {% include breadcrumb.html %} -[![DepCheck logo](../../../../assets/images/logos/depcheck.png "OWASP Dependency-Check"){: height="150px" }][depcheck] +![DepCheck logo](../../../../assets/images/logos/depcheck.png "OWASP Dependency-Check"){: height="150px" } ### 5.2.1 Dependency-Check diff --git a/release-pt-br/08-verification/03-frameworks/01-secure-codebox.md b/release-pt-br/08-verification/03-frameworks/01-secure-codebox.md index 9ed8b9d2..1357767d 100644 --- a/release-pt-br/08-verification/03-frameworks/01-secure-codebox.md +++ b/release-pt-br/08-verification/03-frameworks/01-secure-codebox.md @@ -12,7 +12,7 @@ permalink: /release-pt-br/verification/frameworks/secure_codebox/ {% include breadcrumb.html %} -[![SecureCodeBox logo](../../../../assets/images/logos/securecodebox.png "OWASP SecureCodeBox"){: height="180px" }][codebox] +![SecureCodeBox logo](../../../../assets/images/logos/securecodebox.png "OWASP SecureCodeBox"){: height="180px" } #### 6.3.1 secureCodeBox diff --git a/release-pt-br/08-verification/04-vulnerability-management/01-defectdojo.md b/release-pt-br/08-verification/04-vulnerability-management/01-defectdojo.md index 46f2aabc..1ee5f3f2 100644 --- a/release-pt-br/08-verification/04-vulnerability-management/01-defectdojo.md +++ b/release-pt-br/08-verification/04-vulnerability-management/01-defectdojo.md @@ -12,7 +12,7 @@ permalink: /release-pt-br/verification/vulnerability_management/defectdojo/ {% include breadcrumb.html %} -[![DefectDojo logo](../../../../assets/images/logos/defectdojo.png "OWASP DefectDojo"){: height="180px" }][defectdojo] +![DefectDojo logo](../../../../assets/images/logos/defectdojo.png "OWASP DefectDojo"){: height="160px" } ### 6.4.1 DefectDojo diff --git a/release-pt-br/09-training-education/01-vulnerable-apps/02-webgoat.md b/release-pt-br/09-training-education/01-vulnerable-apps/02-webgoat.md index fc82cb65..bdae7f7a 100644 --- a/release-pt-br/09-training-education/01-vulnerable-apps/02-webgoat.md +++ b/release-pt-br/09-training-education/01-vulnerable-apps/02-webgoat.md @@ -28,7 +28,7 @@ permalink: /release-pt-br/training_education/vulnerable_applications/webgoat/ The OWASP [WebGoat][webgoat] project is a deliberately insecure web application that can be used to attack common application vulnerabilities in a safe environment. -It can also be used to exercise application security tools, such as [ZAP][zap], to practice +It can also be used to exercise application security tools to practice scanning and identifying the various vulnerabilities built into WebGoat. WebGoat is a well established OWASP project and achieved Lab Project status many years ago. @@ -105,7 +105,7 @@ WebWolf provides: Try all the WebGoat lessons, they will certainly inform and educate. Use WebGoat in demonstrations of your favourite attack chains. -Exercise Zap and Burp Suite against WebGoat, or other attack tools you have with you. +Exercise available attack tools against WebGoat. Try out the WebGoat desktop environment by running `docker run -p 127.0.0.1:3000:3000 webgoat/webgoat-desktop` and navigating to `http://localhost:3000/`. @@ -116,7 +116,6 @@ There are various ways of configuring WebGoat, see the [github repo][goatgithub] * OWASP [WebGoat][webgoat] and WebWolf * [Docker][dockerinstall] -* [ZAP][zap] ---- @@ -130,4 +129,3 @@ then [submit an issue][issue090102] or [edit on GitHub][edit090102]. [edit090102]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/09-training-education/01-vulnerable-apps/02-webgoat.md [issue090102]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2009-training-education/01-vulnerable-apps/02-webgoat [webgoat]: https://owasp.org/www-project-webgoat/ -[zap]: https://www.zaproxy.org/ diff --git a/release-pt-br/11-operations/02-coraza.md b/release-pt-br/11-operations/02-coraza.md index 9955dafc..1b409993 100644 --- a/release-pt-br/11-operations/02-coraza.md +++ b/release-pt-br/11-operations/02-coraza.md @@ -12,7 +12,7 @@ permalink: /release-pt-br/operations/coraza_waf/ {% include breadcrumb.html %} -[![Coraza logo](../../../assets/images/logos/coraza.png "OWASP Coraza"){: height="180px" }][coraza] +![Coraza logo](../../../assets/images/logos/coraza.png "OWASP Coraza"){: height="180px" } ### 9.2 Coraza Web Application Firewall