From 7dd81e70883a36700c6ae8a902b9c0ea6a133ec1 Mon Sep 17 00:00:00 2001 From: ff00ff-security <195214694+ff00ff-security@users.noreply.github.com> Date: Thu, 23 Jan 2025 20:14:37 +0000 Subject: [PATCH] Update Session_Management_Cheat_Sheet.md possession and plural change Updated wording to address possession and plural inconsistency. --- cheatsheets/Session_Management_Cheat_Sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheatsheets/Session_Management_Cheat_Sheet.md b/cheatsheets/Session_Management_Cheat_Sheet.md index 17acc2ff53..887d8a186e 100644 --- a/cheatsheets/Session_Management_Cheat_Sheet.md +++ b/cheatsheets/Session_Management_Cheat_Sheet.md 
@@ -358,7 +358,7 @@ Web applications should focus on detecting anomalies associated to the session I With the goal of detecting (and, in some scenarios, protecting against) user misbehaviors and session hijacking, it is highly recommended to bind the session ID to other user or client properties, such as the client IP address, User-Agent, or client-based digital certificate. If the web application detects any change or anomaly between these different properties in the middle of an established session, this is a very good indicator of session manipulation and hijacking attempts, and this simple fact can be used to alert and/or terminate the suspicious session. -Although these properties cannot be used by web applications to trustingly defend against session attacks, they significantly increase the web application detection (and protection) capabilities. However, a skilled attacker can bypass these controls by reusing the same IP address assigned to the victim user by sharing the same network (very common in NAT environments, like Wi-Fi hotspots) or by using the same outbound web proxy (very common in corporate environments), or by manually modifying the User-Agent to look exactly as the victim users does. +Although these properties cannot be used by web applications to trustingly defend against session attacks, they significantly increase the web application detection (and protection) capabilities. However, a skilled attacker can bypass these controls by reusing the same IP address assigned to the victim user by sharing the same network (very common in NAT environments, like Wi-Fi hotspots) or by using the same outbound web proxy (very common in corporate environments), or by manually modifying the User-Agent to look exactly like the victim user's. ### Logging Sessions Life Cycle: Monitoring Creation, Usage, and Destruction of Session IDs
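Review bot: the possessive fix is correct ("look exactly like the victim user's" now reads as "the victim user's User-Agent"), but the same sentence keeps "cannot be used by web applications to trustingly defend against session attacks", which is the more awkward wording on this line; since the line is already being rewritten, "reliably defend against session attacks" says what is meant. The bypass list also chains "or by using the same outbound web proxy ..., or by manually modifying the User-Agent", so a single "or" before the last item would read cleaner: "by reusing the same IP address ..., by using the same outbound web proxy ..., or by manually modifying the User-Agent to look exactly like the victim user's."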