Fix spelling errors.

(cherry picked from commit 405197b)

Author: rdwsecuritythemagroep

src/assets/YAML/default/BuildAndDeployment/Build.yaml

@@ -74,12 +74,12 @@ Build and Deployment:
       comments: ""
     Pinning of artifacts:
       risk: Unauthorized manipulation of artifacts might be difficult to spot. For
-        example, this may result in using images with malicious code. Also, intendend
+        example, this may result in using images with malicious code. Also, intended
         major changes, which are automatically used in an image used might break the
         functionality.
       measure: Pinning of artifacts ensure that changes are performed only when intended.
       comment: The usage of pinning requires a good processes for patching. Therefore,
-        choose this activity wisly.
+        choose this activity wisely.
       meta:
         implementationGuide: Pinning artifacts in Dockerfile refers to the practice of using specific,
           immutable versions of base images and dependencies in your build process. Instead of using the
@@ -142,7 +142,7 @@ Build and Deployment:
     Signing of artifacts:
       risk: &execution-maliciuous Execution or usage of malicious code or data e.g. via executables, libraries or container images.
       measure: Digitally signing artifacts for all steps during the build and especially
-        docker images, helps to ensure their integrity and autenticity.
+        docker images, helps to ensure their integrity and authenticity.
       difficultyOfImplementation:
         knowledge: 2
         time: 2

src/assets/YAML/default/BuildAndDeployment/Deployment.yaml

@@ -312,7 +312,7 @@ Build and Deployment:
       comments: ""
     Evaluation of the trust of used components:
       risk: 
-        Application and system components like Open Source libraies or images can have implementation flaws or deployment flaws. 
+        Application and system components like Open Source libraries or images can have implementation flaws or deployment flaws. 
         Developers or operations might start random images in the production cluster which have malicious code or known vulnerabilities.
       measure:
         Each components source is evaluated to be trusted. For example the source, number of developers included, email configuration used by maintainers to prevent maintainer account theft, typo-squatting, ...

src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml

@@ -28,7 +28,7 @@ Culture and Organization:
       evidence: ""
       comments: ""
     Security Coaching:
-      risk: Training does not change behaviour. Therefore, even if security practices are understood, it's likly that they are not performed.
+      risk: Training does not change behaviour. Therefore, even if security practices are understood, it's likely that they are not performed.
       measure: By coaching teams on security topics using for example the samman coaching method, teams internalize security practices as new habits in their development process.
       difficultyOfImplementation:
         knowledge: 4
@@ -314,7 +314,7 @@ Culture and Organization:
       risk: Employees are not getting excited about security.
       measure: Good communication and transparency encourages cross-organizational
         support. Gamification of security is also known to help, examples include
-        T-Shirts, mugs, cups, giftcards and 'High-Fives'.
+        T-Shirts, mugs, cups, gift cards and 'High-Fives'.
       difficultyOfImplementation:
         knowledge: 3
         time: 2

src/assets/YAML/default/Implementation/ApplicationHardening.yaml

@@ -68,7 +68,7 @@ Implementation:
       dependsOn:
         - App. Hardening Level 1 (50%)
       description: |
-        To tackle the security of code developed in-house, OWASP offers an extensive collection of [Cheatsheets](https://cheatsheetseries.owasp.org/) demonstrating how to implement features securely. Moreover, the Security Knowledge Framework[1] offers an extensive library of code patterns spanning several programming languages. These patterns can be used to not only jumpstart the development process, but also do so securely.
+        To tackle the security of code developed in-house, OWASP offers an extensive collection of [Cheatsheets](https://cheatsheetseries.owasp.org/) demonstrating how to implement features securely. Moreover, the Security Knowledge Framework[1] offers an extensive library of code patterns spanning several programming languages. These patterns can be used to not only jump-start the development process, but also do so securely.
 
         [...]
 

src/assets/YAML/default/Implementation/DevelopmentAndSourceControl.yaml

@@ -3,7 +3,7 @@
 Implementation:
   Development and Source Control:
     Local development linting & style checks performed:
-      risk: Insecure or unmaintenable code base.
+      risk: Insecure or unmaintainable code base.
       measure: >-
         Integrate static code analysis tools in IDEs.
       difficultyOfImplementation:

src/assets/YAML/default/Implementation/InfrastructureHardening.yaml

@@ -243,7 +243,7 @@ Implementation:
       usefulness: 5
       level: 3
       dependsOn:
-      - Audit of systemcalls
+      - Audit of system events
       implementation:
       - $ref: src/assets/YAML/default/implementations.yaml#/implementations/seccomp
       - $ref: src/assets/YAML/default/implementations.yaml#/implementations/strace
@@ -360,7 +360,7 @@ Implementation:
       isImplemented: false
       evidence: ""
       comments: ""
-    Baseline Hardening of the envirnoment:
+    Baseline Hardening of the environment:
       risk: Using default configurations for a cluster environment leads to potential
         risks.
       measure: Harden environments according to best practices. Level 1 and
@@ -391,7 +391,7 @@ Implementation:
       isImplemented: false
       evidence: ""
       comments: ""
-    Hardening of the Envirnoment:
+    Hardening of the Environment:
       risk: Using default configurations for a cluster environment leads to potential
         risks.
       measure: Harden environments according to best practices. Level 2 and
@@ -452,7 +452,7 @@ Implementation:
       risk: Having security auditing in the same account as infrastructure and applications
         at the cloud provide might cause evil administrators (or threat actors taking
         over an account of an administrator) to alter evidence like audit logs.
-      measure: Usage of a seperate account dedicated for security activities.
+      measure: Usage of a separate account dedicated for security activities.
       difficultyOfImplementation:
         knowledge: 3
         time: 2
@@ -474,7 +474,7 @@ Implementation:
       risk: Evil actors might be able to perform a man in the middle attack and sniff
         confidential information (e.g. authentication factors like passwords)
       measure: By using encryption at the edge of traffic in transit, it is impossible
-        or at least harder to sniff credentials beeing outside of the organization.
+        or at least harder to sniff credentials being outside of the organization.
       difficultyOfImplementation:
         knowledge: 2
         time: 2
@@ -514,7 +514,7 @@ Implementation:
       isImplemented: false
       evidence: ""
       comments: ""
-    Usage of internal encryption at tansit:
+    Usage of internal encryption at transit:
       risk: Evil actors within the organization of traffic in transit might be able
         to perform a man in the middle attack and sniff confidential information (e.g.
         authentication factors like passwords)

src/assets/YAML/default/InformationGathering/Monitoring.yaml

@@ -52,7 +52,7 @@ Information Gathering:
       comments: ""
     Audit of system events:
       risk: System events (system calls) trends and attacks are not detected.
-      measure: Gathering of systemcalls.
+      measure: Gathering of system calls.
       difficultyOfImplementation:
         knowledge: 2
         time: 2
@@ -227,10 +227,10 @@ Information Gathering:
       evidence: ""
       comments: ""
     Monitoring of costs:
-      risk: Not monitorig costs might lead to unexpected high resource consumption
+      risk: Not monitoring costs might lead to unexpected high resource consumption
         and a high invoice.
       measure: Implement cost budgets. Setting of an alert threshold and sending out errors when it is reached. In the 
-        best case, a second treshold with a limit is set so that the cost can not go higher.
+        best case, a second threshold with a limit is set so that the cost can not go higher.
       difficultyOfImplementation:
         knowledge: 1
         time: 2

src/assets/YAML/default/TestAndVerification/Consolidation.yaml

@@ -59,7 +59,7 @@ Test and Verification:
           - 5.10
       isImplemented: false
       evidence: ""
-      comments: "The [DefectDojo-Client](https://github.com/SDA-SE/defectdojo-client/tree/master/statistic-client) generates statistics from OWASP DefectDojo and places the results in a [github repository](https://github.com/pagel-pro/cluster-image-scanner-all-results)."
+      comments: "The [DefectDojo-Client](https://github.com/SDA-SE/defectdojo-client/tree/master/statistic-client) generates statistics from OWASP DefectDojo and places the results in a [Github repository](https://github.com/pagel-pro/cluster-image-scanner-all-results)."
     Generation of Patch Management Statistics:
       risk: Delays in patch response lead to an increased attack surface through longer exposure of known vulnerabilities.
       measure: Average time to patch is visualized per component/project/team.

src/assets/YAML/default/TestAndVerification/DynamicDepthForInfrastructure.yaml

@@ -33,7 +33,7 @@ Test and Verification:
         leading to world open cluster management ports.
       measure: With the help of tools the network configuration of unintentional exposed
         cluster(s) are tested. To identify clusters, all subdomains might need to
-        be identified with a tool like OWASP Amass to perform portscans based o the
+        be identified with a tool like OWASP Amass to perform port scans based o the
         result.
       difficultyOfImplementation:
         knowledge: 1

src/assets/YAML/default/TestAndVerification/StaticDepthForInfrastructure.yaml

@@ -56,7 +56,7 @@ Test and Verification:
         resources: 1
       usefulness: 4
       level: 4
-      description: Subscribing to github projects and reading release notes might help. Software Composition Analysis for infrastructe might help, but is often too fine-granular.
+      description: Subscribing to Github projects and reading release notes might help. Software Composition Analysis for infrastructure might help, but is often too fine-granular.
       implementation:
       - $ref: src/assets/YAML/default/implementations.yaml#/implementations/https-github-com-a
       - $ref: src/assets/YAML/default/implementations.yaml#/implementations/registries-like-quay