\begin{result}
As of OWASP's statement\footnote{\url{%
https://www.owasp.org/index.php/Buffer_Overflows\#Platforms_Affected}}
- \PHP{} is not surceptible to buffer overflows as long no external
+ \PHP{} is not susceptible to buffer overflows as long no external
programs or extensions are used which is not the case.
\end{result}
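Review bot: the corrected line still reads "as long no external", which is missing a word; since the line is being changed anyway, make it "as long as no external". The trailing clause "which is not the case" on the following context line is also ambiguous about what it negates, so consider saying directly whether external programs or extensions are in use here.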
\addtocounter{enumi}{3}
\item\fail{} Verify that all \SQL{} queries, \code{HQL}, \code{OSQL},
\code{NOSQL} and stored procedures, calling of stored procedures are
- protected by the use of prepared statements or query parameterization,
+ protected by the use of prepared statements or query parametrization,
and thus not susceptible to \SQL{} injection.
\begin{result}
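Review bot: "parameterization" on the removed line is an accepted spelling, so this change is a style preference rather than a typo fix. The \item reads as quoted requirement text; if it is copied verbatim from the standard, keep the spelling of the source so the item can still be matched against it, and apply whichever spelling is chosen consistently across the document.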
\item\fail{} Verify that all input data is validated, not only \HTML{} form
fields but all sources of input such as \REST{} calls, query parameters,
\HTTP{} headers, cookies, batch files, \RSS{} feeds, etc; using positive
- validation (whitelisting), then lesser forms of validation such as
+ validation (white-listing), then lesser forms of validation such as
greylisting (eliminating known bad strings), or rejecting bad inputs
(blacklisting).
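Review bot: "white-listing" on the added line is now hyphenated while "greylisting" and "blacklisting" in the two context lines directly below stay unhyphenated, so the sentence mixes both styles. Either keep "whitelisting" or hyphenate all three terms in the same change.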