From df45067114ea3c7c29edd16972bf576711e44f4d Mon Sep 17 00:00:00 2001
From: Joe Bowbeer <joe.bowbeer@gmail.com>
Date: Mon, 13 Nov 2017 17:19:37 -0800
Subject: [PATCH] Update a8.html

grammatical fixes
---
 app/views/tutorial/a8.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/views/tutorial/a8.html b/app/views/tutorial/a8.html
index b3beb5899..ae1883bdf 100644
--- a/app/views/tutorial/a8.html
+++ b/app/views/tutorial/a8.html
@@ -18,7 +18,7 @@
                 <h3 class="panel-title">Description</h3>
             </div>
             <div class="panel-body">
-                A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests that vulnerable application processes are legitimate requests from the victim.
+                A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests that the vulnerable application processes as legitimate requests from the victim.
             </div>
         </div>
         <!--
@@ -70,9 +70,9 @@ <h3 class="panel-title">Attack Mechanics</h3>
                 <h3 class="panel-title">How Do I Prevent It?</h3>
             </div>
             <div class="panel-body">
-                <p>Express csrf middleware provide a very effective way to deal with csrf attack. By default this middleware generates a token named "_csrf" which should be added to requests which mutate state (PUT, POST, DELETE), within a hidden form field, or query-string, or header fields.</p>
+                <p>Express csrf middleware provides a very effective way to deal with csrf attack. By default this middleware generates a token named "_csrf" which should be added to requests which mutate state (PUT, POST, DELETE), within a hidden form field, or query-string, or header fields.</p>
                 <p>If using method-override middleware, it is very important that it is used before any middleware that needs to know the method of the request, including CSRF middleware. Otherwise an attacker can use non-state mutating methods (such as GET) to bypass the CSRF middleware checks, and use method override header to convert request to desired method.</p>
-                <p>When form is submitted, the middleware checks for existence of token and validates it by matching to the generated token for the response-request pair. If fails to match, it rejects the request. Thus making it really hard for an attacker to exploit CSRF.
+                <p>When form is submitted, the middleware checks for existence of token and validates it by matching to the generated token for the response-request pair. If tokens do not match, it rejects the request. Thus making it really hard for an attacker to exploit CSRF.
                 </p>
             </div>
         </div>
@@ -100,4 +100,4 @@ <h3 class="panel-title">Source Code Example</h3>
         </div>
     </div>
 </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}