From c9ee615b67a05ec6f3ecc8b4469d66f74a7be356 Mon Sep 17 00:00:00 2001 From: ff00ff-security <195214694+ff00ff-security@users.noreply.github.com> Date: Mon, 20 Jan 2025 14:12:09 +0000 Subject: [PATCH] Update Session_Management_Cheat_Sheet.md inclusive/neutral terminology (#1586) Updated wording to use inclusive/neutral terminology. --- cheatsheets/Session_Management_Cheat_Sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheatsheets/Session_Management_Cheat_Sheet.md b/cheatsheets/Session_Management_Cheat_Sheet.md index 5d5446e8bf..17acc2ff53 100644 --- a/cheatsheets/Session_Management_Cheat_Sheet.md +++ b/cheatsheets/Session_Management_Cheat_Sheet.md 
@@ -358,7 +358,7 @@ Web applications should focus on detecting anomalies associated to the session I With the goal of detecting (and, in some scenarios, protecting against) user misbehaviors and session hijacking, it is highly recommended to bind the session ID to other user or client properties, such as the client IP address, User-Agent, or client-based digital certificate. If the web application detects any change or anomaly between these different properties in the middle of an established session, this is a very good indicator of session manipulation and hijacking attempts, and this simple fact can be used to alert and/or terminate the suspicious session. -Although these properties cannot be used by web applications to trustingly defend against session attacks, they significantly increase the web application detection (and protection) capabilities. However, a skilled attacker can bypass these controls by reusing the same IP address assigned to the victim user by sharing the same network (very common in NAT environments, like Wi-Fi hotspots) or by using the same outbound web proxy (very common in corporate environments), or by manually modifying his User-Agent to look exactly as the victim users does. +Although these properties cannot be used by web applications to trustingly defend against session attacks, they significantly increase the web application detection (and protection) capabilities. However, a skilled attacker can bypass these controls by reusing the same IP address assigned to the victim user by sharing the same network (very common in NAT environments, like Wi-Fi hotspots) or by using the same outbound web proxy (very common in corporate environments), or by manually modifying the User-Agent to look exactly as the victim users does. ### Logging Sessions Life Cycle: Monitoring Creation, Usage, and Destruction of Session IDs
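Review bot: the `+` line still carries the subject-verb mismatch "to look exactly as the victim users does" at its end; since this line is already being rewritten, fix it in the same change to "to look exactly as the victim user does" (singular, matching "the victim user" earlier in the sentence) so the file is not touched twice for one sentence. The terminology substitution itself ("his User-Agent" to "the User-Agent") is correct and does not alter the security guidance, which remains that IP/User-Agent binding is a detection aid rather than a reliable defense.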