chore: Text Lint Additions & markdownlint-cli dependency update (#866)
Standardize
- Nmap with a leading cap, when referred to as a product.
- behavior (without the u).
- organization (with a z).

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
kingthorin committed Mar 16, 2022
1 parent be455e0 commit 7845fcb
Showing 8 changed files with 22 additions and 13 deletions.
9 changes: 9 additions & 0 deletions .github/configs/.textlintrc
Expand Up @@ -34,6 +34,7 @@
"jQuery",
"LinkedIn",
"Lodash",
"Nmap",
"MacBook",
"Markdown",
"OpenType",
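Review bot: `"Nmap"` is inserted between `"Lodash"` and `"MacBook"`, which breaks the alphabetical order the surrounding entries follow (jQuery, LinkedIn, Lodash, MacBook, Markdown, OpenType); move it to sit between `"Markdown"` and `"OpenType"` so the term list stays sorted and the next contributor can find it.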
Expand Down Expand Up @@ -128,6 +129,10 @@
"backwards compatible",
"backward compatible"
],
[
"behaviour(s)?",
"behavior$1"
],
[
"build system(s)?",
"build tool$1"
Expand Down Expand Up @@ -160,6 +165,10 @@
"his or her",
"their"
],
[
"organisation(s|'s)?",
"organization$1"
],
[
"repo\\b",
"repository"
Expand Up @@ -59,9 +59,9 @@ Another option is to probe for URLs which might be likely candidates for non-pub

### Approaches to Address Issue 2 - Non-standard Ports

It is easy to check for the existence of web applications on non-standard ports. A port scanner such as nmap is capable of performing service recognition by means of the `-sV` option, and will identify http[s] services on arbitrary ports. What is required is a full scan of the whole 64k TCP port address space.
It is easy to check for the existence of web applications on non-standard ports. A port scanner such as Nmap is capable of performing service recognition by means of the `-sV` option, and will identify http[s] services on arbitrary ports. What is required is a full scan of the whole 64k TCP port address space.

For example, the following command will look up, with a TCP connect scan, all open ports on IP `192.168.1.100` and will try to determine what services are bound to them (only *essential* switches are shown – nmap features a broad set of options, whose discussion is out of scope):
For example, the following command will look up, with a TCP connect scan, all open ports on IP `192.168.1.100` and will try to determine what services are bound to them (only *essential* switches are shown – Nmap features a broad set of options, whose discussion is out of scope):

`nmap –Pn –sT –sV –p0-65535 192.168.1.100`
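Review bot: the command kept as context, `nmap –Pn –sT –sV –p0-65535 192.168.1.100`, uses U+2013 en dashes for the option prefixes instead of ASCII hyphens, so it fails when pasted into a shell; since this hunk already edits the surrounding prose, change it to `nmap -Pn -sT -sV -p0-65535 192.168.1.100`. The same paragraph capitalizes Nmap as a product name but still writes `http[s]`; `HTTP[S]`, as used later in this file, would be consistent.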

Expand All @@ -87,7 +87,7 @@ From this example, one see that:
- It looks like there is an HTTPS server on port 443 (but this needs to be confirmed, for example, by visiting `https://192.168.1.100` with a browser).
- On port 901 there is a Samba SWAT web interface.
- The service on port 1241 is not HTTPS, but is the SSL-wrapped Nessus daemon.
- Port 3690 features an unspecified service (nmap gives back its *fingerprint* - here omitted for clarity - together with instructions to submit it for incorporation in the nmap fingerprint database, provided you know which service it represents).
- Port 3690 features an unspecified service (Nmap gives back its *fingerprint* - here omitted for clarity - together with instructions to submit it for incorporation in the Nmap fingerprint database, provided you know which service it represents).
- Another unspecified service on port 8000; this might possibly be HTTP, since it is not uncommon to find HTTP servers on this port. Let's examine this issue:

```bash
Expand All @@ -112,7 +112,7 @@ This confirms that in fact it is an HTTP server. Alternatively, testers could ha

- Apache Tomcat running on port 8080.

The same task may be performed by vulnerability scanners, but first check that the scanner of choice is able to identify HTTP[S] services running on non-standard ports. For example, Nessus is capable of identifying them on arbitrary ports (provided it is instructed to scan all the ports), and will provide, with respect to nmap, a number of tests on known web server vulnerabilities, as well as on the SSL configuration of HTTPS services. As hinted before, Nessus is also able to spot popular applications or web interfaces which could otherwise go unnoticed (for example, a Tomcat administrative interface).
The same task may be performed by vulnerability scanners, but first check that the scanner of choice is able to identify HTTP[S] services running on non-standard ports. For example, Nessus is capable of identifying them on arbitrary ports (provided it is instructed to scan all the ports), and will provide, with respect to Nmap, a number of tests on known web server vulnerabilities, as well as on the SSL configuration of HTTPS services. As hinted before, Nessus is also able to spot popular applications or web interfaces which could otherwise go unnoticed (for example, a Tomcat administrative interface).

### Approaches to Address Issue 3 - Virtual Hosts

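Review bot: the hunk header context `From this example, one see that:` has a subject-verb error (`one sees`); since this is a text-lint cleanup pass it is worth fixing in the same commit. The `nmap` to `Nmap` swaps in the 3690 bullet are fine.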
Expand Up @@ -16,7 +16,7 @@ Modern web applications can vary significantly in complexity, from a simple scri

## How to Test

When testing from a black box perspective, it is important to try and build up a clear picture of how the application works, and which technologies and components are in place. In some cases it is possible to test for specific components (such as a web application firewall), while others can be identified by inspecting the behaviour of the application.
When testing from a black box perspective, it is important to try and build up a clear picture of how the application works, and which technologies and components are in place. In some cases it is possible to test for specific components (such as a web application firewall), while others can be identified by inspecting the behavior of the application.

The sections below provide a high-level overview of common architectural components, along with details of how they can be identified.

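Review bot: while this paragraph is being touched, `try and build up a clear picture` reads better as `try to build up a clear picture`; the `behaviour` to `behavior` swap itself is fine.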
Expand Up @@ -38,12 +38,12 @@ If a default password can't be found, try common options such as:

If the username is unknown, there are various options for enumerating users, discussed in the [Testing for Account Enumeration](../03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md) guide. Alternatively, try common options such as "admin", "root", or "system".

### Testing for Organisation Default Passwords
### Testing for Organization Default Passwords

When staff within an organisation manually create passwords for new accounts, they may do so in a predictable way. This can often be:
When staff within an organization manually create passwords for new accounts, they may do so in a predictable way. This can often be:

- A single common password such as "Password1".
- Organisation specific details, such as the organisation name or address.
- Organization specific details, such as the organization name or address.
- Passwords that follow a simple pattern, such as "Monday123" if account is created on a Monday.

These types of passwords are often difficult to identify from a black-box perspective, unless they can successfully be guessed or brute-forced. However, they are easy to identify when performing grey-box or white-box testing.
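Review bot: the changed bullet `Organization specific details` should be hyphenated as `Organization-specific details` (compound modifier), and the neighboring untouched bullet `if account is created on a Monday` is missing an article (`if the account`); both are one-word fixes that belong in this lint pass.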
Expand Up @@ -44,11 +44,11 @@ System.out.printf("DEBUG Current user: ");
System.out.printf(userName);
```

In this particular example, if the attacker set their `userName` to have one or more conversion specifiers, there would be unwanted behaviour. The C example would [print out memory contents](https://www.defcon.org/images/defcon-18/dc-18-presentations/Haas/DEFCON-18-Haas-Adv-Format-String-Attacks.pdf) if `userName` contained `%p%p%p%p%p`, and it can corrupt memory contents if there is a `%n` in the string. In the Java example, a `username` containing any specifier that needs an input (including `%x` or `%s`) would cause the program to crash with `IllegalFormatException`. Although the examples are still subject to other problems, the vulnerability can be fixed by printf arguments of `printf("DEBUG Current user: %s", userName)`.
In this particular example, if the attacker set their `userName` to have one or more conversion specifiers, there would be unwanted behavior. The C example would [print out memory contents](https://www.defcon.org/images/defcon-18/dc-18-presentations/Haas/DEFCON-18-Haas-Adv-Format-String-Attacks.pdf) if `userName` contained `%p%p%p%p%p`, and it can corrupt memory contents if there is a `%n` in the string. In the Java example, a `username` containing any specifier that needs an input (including `%x` or `%s`) would cause the program to crash with `IllegalFormatException`. Although the examples are still subject to other problems, the vulnerability can be fixed by printf arguments of `printf("DEBUG Current user: %s", userName)`.

## Test Objectives

- Assess whether injecting format string conversion specifiers into user-controlled fields causes undesired behaviour from the application.
- Assess whether injecting format string conversion specifiers into user-controlled fields causes undesired behavior from the application.

## How to Test

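Review bot: the rewritten sentence refers to `userName` for the C case and then to a `username` for the Java case, while the code above uses `userName` in both; make the identifier consistent. The closing clause `the vulnerability can be fixed by printf arguments of printf("DEBUG Current user: %s", userName)` is awkward; `by passing the user input as an argument, for example printf("DEBUG Current user: %s", userName)` says the same thing.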
Expand Up @@ -116,7 +116,7 @@ https://www.attacker.com/reset.php?token=12345

In some cases a server may have virtual hosts that are not intended to be externally accessible. This is most common with a [split-horizon](https://en.wikipedia.org/wiki/Split-horizon_DNS) DNS setup (where internal and external DNS servers return different records for the same domain).

For example, an organisation may have a single webserver on their internal network, which hosts both their public website (on `www.example.org`) and their internal Intranet (on `intranet.example.org`, but that record only exists on the internal DNS server). Although it would not be possible to browse directly to `intranet.example.org` from outside the network (as the domain would not resolve), it may be possible to access to Intranet by making a request from outside with the following `Host` header:
For example, an organization may have a single webserver on their internal network, which hosts both their public website (on `www.example.org`) and their internal Intranet (on `intranet.example.org`, but that record only exists on the internal DNS server). Although it would not be possible to browse directly to `intranet.example.org` from outside the network (as the domain would not resolve), it may be possible to access to Intranet by making a request from outside with the following `Host` header:

```http
Host: intranet.example.org
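Review bot: the rewritten line still contains `it may be possible to access to Intranet`; drop the stray `to` (`to access the Intranet`) while the line is being edited. `webserver` is also written as two words (`web server`) elsewhere in this commit, so `web server` would be the consistent form.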
Expand Up @@ -191,7 +191,7 @@ Attacker code:
<iframe src="http://example.org/?param=<script>if">
```

- **Chrome 4.0 XSSAuditor filter**: It has a little different behaviour compared to IE8 XSS filter, in fact with this filter an attacker could deactivate a "script" by passing its code in a request parameter. This enables the framing page to specifically target a single snippet containing the frame busting code, leaving all the other codes intact.
- **Chrome 4.0 XSSAuditor filter**: It has a little different behavior compared to IE8 XSS filter, in fact with this filter an attacker could deactivate a "script" by passing its code in a request parameter. This enables the framing page to specifically target a single snippet containing the frame busting code, leaving all the other codes intact.

Example: Target web page frame busting code:

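Review bot: `It has a little different behavior compared to IE8 XSS filter` should read `It behaves slightly differently from the IE8 XSS filter`, and `leaving all the other codes intact` should be `code` (uncountable); the `behaviour` swap is fine.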
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -5,7 +5,7 @@
"main": "index.js",
"dependencies": {},
"devDependencies": {
"markdownlint-cli": "^0.28.1"
"markdownlint-cli": "^0.31.1"
},
"scripts": {
"pdfgen": "bash ./.github/pdf/scripts/make-pdf.sh",
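Review bot: `^0.28.1` to `^0.31.1` is a minor bump on a pre-1.0 caret range, so it can pull in new or changed markdownlint rules; confirm the lint script still passes on the current tree, and if the repository tracks a `package-lock.json`, regenerate it in the same commit, since no lockfile change is visible in this diff.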

0 comments on commit 7845fcb