Merge pull request FallibleInc#19 from radarhere/master

Fixed typos

Author: abhishek-anand

README.md

@@ -51,7 +51,7 @@ Our detailed explanations should help the first type while we hope our checklist
 11.2 Data integrity check for 3rd party code  
 11.3 Certificate Pinning
 12. Configuration mistakes    
-12.0 Provisoning in cloud: Ports, Shodan & AWS   
+12.0 Provisioning in cloud: Ports, Shodan & AWS
 12.1 Honey, you left the debug mode on  
 12.2 Logging (or not logging)  
 12.3 Monitoring  

security-checklist.md

@@ -55,7 +55,7 @@
 - [ ] `Sanitize` all user inputs or any input parameters exposed to user to prevent [SQL Injection](https://en.wikipedia.org/wiki/SQL_injection).
 - [ ] Sanitize user input if using it directly for functionalities like CSV import.
 - [ ] `Sanitize` user input for special cases like robots.txt as profile names in case you are using a url pattern like coolcorp.io/username. 
-- [ ] Do not hand code or build JSON by string concatenation ever, no matter how small the object is. Use your langauge defined libraries or framework.
+- [ ] Do not hand code or build JSON by string concatenation ever, no matter how small the object is. Use your language defined libraries or framework.
 - [ ] Sanitize inputs that take some sort of URLs to prevent [SSRF](https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit#heading=h.t4tsk5ixehdd).
 - [ ] Sanitize Outputs before displaying to users.
 
@@ -70,7 +70,7 @@
 - [ ] Do not leave the DEBUG mode on. In some frameworks, DEBUG mode can give access full-fledged REPL or shells or expose critical data in error messages stacktraces.
 - [ ] Be prepared for bad actors & DDOS - use [Cloudflare](https://www.cloudflare.com/ddos/).
 - [ ] Set up monitoring for your systems, and log stuff (use [New Relic](https://newrelic.com/) or something like that).
-- [ ] If developing for enterprise customers, adhere to compliance requirements. If AWS S3, consider using the feature to [encrypt data](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). If using AWS EC2, consider using the feature to use encrypted volumes (even boot volumes can be encypted now). 
+- [ ] If developing for enterprise customers, adhere to compliance requirements. If AWS S3, consider using the feature to [encrypt data](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). If using AWS EC2, consider using the feature to use encrypted volumes (even boot volumes can be encrypted now).
 
 ##### PEOPLE
 - [ ] Set up an email (e.g. [email protected]) and a page for security researchers to report vulnerabilities.

vulnerabilities-stats.md

@@ -20,7 +20,7 @@ At the time of writing, the Hackerone platform had 1731 publicly disclosed bugs
 | Unclassified+Info+Junk         | 376      | 21.7
 
 
-#### Issues sorted by their frequency of occurence 
+#### Issues sorted by their frequency of occurrence
 
 1 out of 3 issues were related to XSS, Insecure references to data (data leak) or missing CSRF token. The [Hackerone page](https://hackerone.com/hacktivity/new) listing these issues is quite interesting and can be read.