diff --git a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.qhelp b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.qhelp
index ccd297c3b36..4ad7a40fed6 100644
--- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.qhelp
+++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.qhelp
@@ -34,7 +34,7 @@ characters before writing to the HTML page.
OWASP:
-XSS
+XSS
(Cross Site Scripting) Prevention Cheat Sheet.
diff --git a/csharp/ql/src/Security Features/CWE-079/XSS.qhelp b/csharp/ql/src/Security Features/CWE-079/XSS.qhelp
index 9a71290694d..409be1030e7 100644
--- a/csharp/ql/src/Security Features/CWE-079/XSS.qhelp
+++ b/csharp/ql/src/Security Features/CWE-079/XSS.qhelp
@@ -29,7 +29,7 @@ leaving the website vulnerable to cross-site scripting.
OWASP:
-XSS
+XSS
(Cross Site Scripting) Prevention Cheat Sheet.
diff --git a/csharp/ql/src/Security Features/CWE-090/LDAPInjection.qhelp b/csharp/ql/src/Security Features/CWE-090/LDAPInjection.qhelp
index 118e91ed4d9..04f01720ce6 100644
--- a/csharp/ql/src/Security Features/CWE-090/LDAPInjection.qhelp
+++ b/csharp/ql/src/Security Features/CWE-090/LDAPInjection.qhelp
@@ -33,7 +33,7 @@ the query cannot be changed by a malicious user.
-OWASP: LDAP Injection Prevention Cheat Sheet.
+OWASP: LDAP Injection Prevention Cheat Sheet.
OWASP: Preventing LDAP Injection in Java.
AntiXSS doc: LdapFilterEncode.
AntiXSS doc: LdapDistinguishedNameEncode.
diff --git a/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.qhelp b/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.qhelp
index 7df415aff5b..6d5d298c8e4 100644
--- a/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.qhelp
+++ b/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.qhelp
@@ -51,7 +51,7 @@ This next example shows how to specify the X-Frame-Options header w
OWASP:
-Clickjacking Defense Cheat Sheet.
+Clickjacking Defense Cheat Sheet.
Mozilla:
diff --git a/csharp/ql/src/Security Features/CWE-601/UrlRedirect.qhelp b/csharp/ql/src/Security Features/CWE-601/UrlRedirect.qhelp
index 989796b6738..3cf3cdaba6e 100644
--- a/csharp/ql/src/Security Features/CWE-601/UrlRedirect.qhelp
+++ b/csharp/ql/src/Security Features/CWE-601/UrlRedirect.qhelp
@@ -32,7 +32,7 @@ It also shows how to remedy the problem by validating the user input against a k
OWASP:
-XSS
+XSS
Unvalidated Redirects and Forwards Cheat Sheet.
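Review bot: the link text in this hunk still reads "XSS" followed by "Unvalidated Redirects and Forwards Cheat Sheet.", so a CWE-601 redirect query appears to cite an XSS document. Since the `XSS` line is being rewritten anyway, drop that word from the link text so the reference is named for the cheat sheet it points to.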
diff --git a/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.qhelp b/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.qhelp
index 2e8e4fcf272..11b1136db4d 100644
--- a/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.qhelp
+++ b/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.qhelp
@@ -38,7 +38,7 @@ The solution is to set the DtdProcessing property to DtdProce
OWASP:
-XML External Entity (XXE) Prevention Cheat Sheet.
+XML External Entity (XXE) Prevention Cheat Sheet.
Microsoft Docs: System.XML: Security considerations.
diff --git a/java/ql/src/Security/CWE/CWE-079/XSS.qhelp b/java/ql/src/Security/CWE/CWE-079/XSS.qhelp
index 85bdfb130fd..428b44c8db9 100644
--- a/java/ql/src/Security/CWE/CWE-079/XSS.qhelp
+++ b/java/ql/src/Security/CWE/CWE-079/XSS.qhelp
@@ -29,7 +29,7 @@ leaving the website vulnerable to cross-site scripting.
OWASP:
-XSS
+XSS
(Cross Site Scripting) Prevention Cheat Sheet.
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp b/java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp
index cab60173a62..f1ba450d4a0 100644
--- a/java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp
@@ -67,7 +67,7 @@ in the environment variable or user-supplied value are not given any special tre
OWASP:
-SQL
+SQL
Injection Prevention Cheat Sheet.
The CERT Oracle Secure Coding Standard for Java:
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp
index 7415235610c..e469415d683 100644
--- a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp
+++ b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp
@@ -39,7 +39,7 @@ treatment.
OWASP:
-SQL
+SQL
Injection Prevention Cheat Sheet.
The CERT Oracle Secure Coding Standard for Java:
diff --git a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp
index 8b8b0eff847..2cfdca624fb 100644
--- a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp
+++ b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp
@@ -37,7 +37,7 @@ connection is a secure SSL connection.
Class HttpsURLConnection.
OWASP:
-Transport Layer Protection Cheat Sheet.
+Transport Layer Protection Cheat Sheet.
diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSL.qhelp b/java/ql/src/Security/CWE/CWE-319/UseSSL.qhelp
index 5856086330f..cec4937c8f7 100644
--- a/java/ql/src/Security/CWE/CWE-319/UseSSL.qhelp
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSL.qhelp
@@ -38,7 +38,7 @@ Class HttpsURLConnection.
Class SSLSocket.
OWASP:
-Transport Layer Protection Cheat Sheet.
+Transport Layer Protection Cheat Sheet.
diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.qhelp b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.qhelp
index 56e9be97345..bf0dbc0bcac 100644
--- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.qhelp
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.qhelp
@@ -33,7 +33,7 @@ uses explicit SSL factories, which are preferable.
Class SSLSocketFactory.
OWASP:
-Transport Layer Protection Cheat Sheet.
+Transport Layer Protection Cheat Sheet.
diff --git a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.qhelp b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.qhelp
index 4fb0ad88b45..61b50a986e3 100644
--- a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.qhelp
+++ b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.qhelp
@@ -58,7 +58,7 @@ OWASP vulnerability description:
OWASP guidance on deserializing objects:
-Deserialization Cheat Sheet.
+Deserialization Cheat Sheet.
Talks by Chris Frohoff & Gabriel Lawrence:
diff --git a/java/ql/src/Security/CWE/CWE-611/XXE.qhelp b/java/ql/src/Security/CWE/CWE-611/XXE.qhelp
index 75c5a2d4d7a..93d420f7495 100644
--- a/java/ql/src/Security/CWE/CWE-611/XXE.qhelp
+++ b/java/ql/src/Security/CWE/CWE-611/XXE.qhelp
@@ -52,7 +52,7 @@ OWASP vulnerability description:
OWASP guidance on parsing xml files:
-XXE Prevention Cheat Sheet.
+XXE Prevention Cheat Sheet.
Paper by Timothy Morgen:
diff --git a/java/ql/src/semmle/code/java/security/XmlParsers.qll b/java/ql/src/semmle/code/java/security/XmlParsers.qll
index 37a72f8128e..1f582489497 100644
--- a/java/ql/src/semmle/code/java/security/XmlParsers.qll
+++ b/java/ql/src/semmle/code/java/security/XmlParsers.qll
@@ -49,7 +49,7 @@ abstract class ParserConfig extends MethodAccess {
}
/*
- * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#DocumentBuilder
+ * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
*/
/** The class `javax.xml.parsers.DocumentBuilderFactory`. */
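Review bot: the replacement comment above `DocumentBuilderFactory` is a bare URL whose fragment names three parsers (`#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j`), unlike the labelled comments elsewhere in this file such as `/* SAXReader: ... */` and `/* Transformer: ... */`. Prefix it with `DocumentBuilderFactory:` so a reader can tell which part of the combined section the classes below model, and so the comment stays meaningful if the heading is renamed again.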
@@ -227,7 +227,7 @@ class SafeDocumentBuilder extends DocumentBuilderConstruction {
}
/*
- * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#XMLInputFactory_.28a_StAX_parser.29
+ * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlinputfactory-a-stax-parser
*/
/** The class `javax.xml.stream.XMLInputFactory`. */
@@ -353,7 +353,7 @@ class SafeXmlInputFactory extends VarAccess {
}
/*
- * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SAXBuilder
+ * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxbuilder
*/
/**
@@ -429,7 +429,7 @@ class SafeSAXBuilder extends VarAccess {
/*
* The case in
- * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Unmarshaller
+ * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller
* will be split into two, one covers a SAXParser as a sink, the other the SAXSource as a sink.
*/
@@ -545,7 +545,7 @@ class SafeSAXParser extends MethodAccess {
}
}
-/* SAXReader: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SAXReader */
+/* SAXReader: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxreader */
/**
* The class `org.dom4j.io.SAXReader`.
*/
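Review bot: the new `#saxreader` fragment on the `SAXReader` comment should be checked against the live page, because the `DocumentBuilderFactory` comment in this same file now points at a heading that folds dom4j into `#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j`, and `org.dom4j.io.SAXReader` is the dom4j parser. A fragment that does not exist fails silently by landing at the top of the page, so confirm that each rewritten fragment resolves before merging.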
@@ -621,7 +621,7 @@ class SafeSAXReader extends VarAccess {
}
}
-/* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#XMLReader */
+/* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlreader */
/** The class `org.xml.sax.XMLReader`. */
class XMLReader extends RefType {
XMLReader() { this.hasQualifiedName("org.xml.sax", "XMLReader") }
@@ -756,7 +756,7 @@ class CreatedSafeXMLReader extends Call {
/*
* SAXSource in
- * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Unmarshaller
+ * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller
*/
/** The class `javax.xml.transform.sax.SAXSource` */
@@ -811,7 +811,7 @@ class SafeSAXSource extends Expr {
}
}
-/* Transformer: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#TransformerFactory */
+/* Transformer: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory */
/** An access to a method use for configuring a transformer or schema. */
abstract class TransformerConfig extends MethodAccess {
/** Holds if the configuration is disabled */
@@ -975,7 +975,7 @@ class SafeTransformer extends MethodAccess {
}
/*
- * SAXTransformer: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SAXTransformerFactory
+ * SAXTransformer: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxtransformerfactory
* Has an extra method called newFilter.
*/
@@ -996,7 +996,7 @@ class SAXTransformerFactoryNewXMLFilter extends XmlParserCall {
}
}
-/* Schema: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SchemaFactory */
+/* Schema: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory */
/** The class `javax.xml.validation.SchemaFactory`. */
class SchemaFactory extends RefType {
SchemaFactory() { this.hasQualifiedName("javax.xml.validation", "SchemaFactory") }
@@ -1060,7 +1060,7 @@ class SafeSchemaFactory extends VarAccess {
}
}
-/* Unmarshaller: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Unmarshaller */
+/* Unmarshaller: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller */
/** The class `javax.xml.bind.Unmarshaller`. */
class XmlUnmarshaller extends RefType {
XmlUnmarshaller() { this.hasQualifiedName("javax.xml.bind", "Unmarshaller") }
@@ -1081,7 +1081,7 @@ class XmlUnmarshal extends XmlParserCall {
override predicate isSafe() { none() }
}
-/* XPathExpression: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#XPathExpression */
+/* XPathExpression: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression */
/** The class `javax.xml.xpath.XPathExpression`. */
class XPathExpression extends RefType {
XPathExpression() { this.hasQualifiedName("javax.xml.xpath", "XPathExpression") }
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp
index 771c446c66f..a5e0a78b8cc 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp
+++ b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp
@@ -68,6 +68,6 @@
MDN: Regular Expressions
OWASP: SSRF
- OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
+ OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
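Review bot: the rewritten `+` line keeps the link text "XSS Unvalidated Redirects and Forwards Cheat Sheet." in a hostname-validation query whose neighbouring reference is SSRF, and the "XSS" prefix reads as a copy-paste leftover. Correct the text on this same line to "OWASP: Unvalidated Redirects and Forwards Cheat Sheet." rather than carrying the stray word over to the new URL.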
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
index b23557aa557..90e6f2762e2 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
@@ -83,6 +83,6 @@
OWASP: SSRF
- OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
+ OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
diff --git a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.qhelp b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.qhelp
index 807574c5898..015e510f0fb 100644
--- a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.qhelp
+++ b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.qhelp
@@ -71,6 +71,6 @@
MDN: Regular Expressions
OWASP: SSRF
- OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
+ OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.qhelp b/javascript/ql/src/Security/CWE-079/ReflectedXss.qhelp
index 0502889fba0..dcbf0ba6f07 100644
--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.qhelp
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.qhelp
@@ -37,7 +37,7 @@ Sanitizing the user-controlled data prevents the vulnerability:
OWASP:
-XSS
+XSS
(Cross Site Scripting) Prevention Cheat Sheet.
diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.qhelp b/javascript/ql/src/Security/CWE-079/StoredXss.qhelp
index 1c3fde01798..0e6ed6456c9 100644
--- a/javascript/ql/src/Security/CWE-079/StoredXss.qhelp
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.qhelp
@@ -48,7 +48,7 @@
OWASP:
- XSS
+ XSS
(Cross Site Scripting) Prevention Cheat Sheet.
diff --git a/javascript/ql/src/Security/CWE-079/Xss.qhelp b/javascript/ql/src/Security/CWE-079/Xss.qhelp
index 34ea1d821b6..c974c87b188 100644
--- a/javascript/ql/src/Security/CWE-079/Xss.qhelp
+++ b/javascript/ql/src/Security/CWE-079/Xss.qhelp
@@ -33,12 +33,12 @@ leaving the website vulnerable to cross-site scripting.
OWASP:
-DOM based
+DOM based
XSS Prevention Cheat Sheet.
OWASP:
-XSS
+XSS
(Cross Site Scripting) Prevention Cheat Sheet.
diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
index 9b230852919..e0ccf71572f 100644
--- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
+++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
@@ -45,7 +45,7 @@
NIST, FIPS 140 Annex a: Approved Security Functions.
NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
OWASP: Rule
+ href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#rule---use-strong-approved-authenticated-encryption">Rule
- Use strong approved cryptographic algorithms.
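Review bot: the added `href` targets `#rule---use-strong-approved-authenticated-encryption` while the visible link text still ends "Use strong approved cryptographic algorithms.", so the text and the destination no longer agree. For a broken-algorithm query, either reword the text to match the heading the link now lands on, or link to the Cryptographic Storage cheat sheet without a rule fragment, since authenticated encryption is narrower than the algorithm choice this reference is cited for.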
diff --git a/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.qhelp b/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.qhelp
index ad659015d67..e73ea063b5d 100644
--- a/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.qhelp
+++ b/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.qhelp
@@ -67,7 +67,7 @@
OWASP:
- Clickjacking Defense Cheat Sheet.
+ Clickjacking Defense Cheat Sheet.
Mozilla:
diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
index e7b956b10f4..5f5b77cbd7d 100644
--- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
+++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
@@ -41,7 +41,7 @@ OWASP vulnerability description:
OWASP guidance on deserializing objects:
-Deserialization Cheat Sheet.
+Deserialization Cheat Sheet.
Neal Poole:
diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.qhelp b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.qhelp
index d4d36fe09bc..392df3e6cbd 100644
--- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.qhelp
+++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.qhelp
@@ -31,7 +31,7 @@ website of their choosing, which facilitates phishing attacks:
-OWASP:
+OWASP:
XSS Unvalidated Redirects and Forwards Cheat Sheet.
diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.qhelp b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.qhelp
index cb54477dde5..2052f16146b 100644
--- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.qhelp
+++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.qhelp
@@ -35,7 +35,7 @@ before doing the redirection:
-OWASP:
+OWASP:
XSS Unvalidated Redirects and Forwards Cheat Sheet.
diff --git a/javascript/ql/src/Security/CWE-770/MissingRateLimiting.qhelp b/javascript/ql/src/Security/CWE-770/MissingRateLimiting.qhelp
index 1832a803a77..8d4bc0ab5d0 100644
--- a/javascript/ql/src/Security/CWE-770/MissingRateLimiting.qhelp
+++ b/javascript/ql/src/Security/CWE-770/MissingRateLimiting.qhelp
@@ -36,7 +36,7 @@ can be used:
OWASP:
-Denial of Service Cheat Sheet.
+Denial of Service Cheat Sheet.
Wikipedia: Denial-of-service attack.
diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.qhelp b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.qhelp
index 2b1d2b02a31..1efdbe694b1 100644
--- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.qhelp
+++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.qhelp
@@ -50,6 +50,6 @@
- OWASP: Password storage.
+ OWASP: Password storage.
diff --git a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp
index b542ae252eb..8eb0f43eb01 100644
--- a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp
+++ b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp
@@ -64,6 +64,6 @@
OWASP: SSRF
- OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
+ OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
diff --git a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
index 6c783a4f729..828c71153b5 100644
--- a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
+++ b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
@@ -80,6 +80,6 @@
OWASP: SSRF
- OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
+ OWASP: XSS Unvalidated Redirects and Forwards Cheat Sheet.
diff --git a/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.qhelp b/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.qhelp
index 4497437aac1..5b4d21bb37e 100644
--- a/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.qhelp
+++ b/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.qhelp
@@ -38,7 +38,7 @@ Jinja2: API.
Wikipedia: Cross-site scripting.
-OWASP: XSS (Cross Site Scripting) Prevention Cheat Sheet.
+OWASP: XSS (Cross Site Scripting) Prevention Cheat Sheet.
diff --git a/python/ql/src/Security/CWE-079/ReflectedXss.qhelp b/python/ql/src/Security/CWE-079/ReflectedXss.qhelp
index 8cdeb4d3e79..04a83fba6b4 100644
--- a/python/ql/src/Security/CWE-079/ReflectedXss.qhelp
+++ b/python/ql/src/Security/CWE-079/ReflectedXss.qhelp
@@ -31,7 +31,7 @@ The second view is safe as first_name is escaped, so it is not vuln
OWASP:
-XSS
+XSS
(Cross Site Scripting) Prevention Cheat Sheet.
diff --git a/python/ql/src/Security/CWE-089/SqlInjection.qhelp b/python/ql/src/Security/CWE-089/SqlInjection.qhelp
index 286b71a6047..63941706e84 100644
--- a/python/ql/src/Security/CWE-089/SqlInjection.qhelp
+++ b/python/ql/src/Security/CWE-089/SqlInjection.qhelp
@@ -51,6 +51,6 @@ vulnerable to SQL injection attacks. In this example, if username w
Wikipedia: SQL injection.
-OWASP: SQL Injection Prevention Cheat Sheet.
+OWASP: SQL Injection Prevention Cheat Sheet.
diff --git a/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp b/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
index 6cc787e52e4..1b4031b1cc5 100644
--- a/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
+++ b/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
@@ -49,7 +49,7 @@
NIST, FIPS 140 Annex a: Approved Security Functions.
NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
OWASP: Rule
+ href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#rule---use-strong-approved-authenticated-encryption">Rule
- Use strong approved cryptographic algorithms.
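Review bot: in this Python copy of the reference, the link text "Rule - Use strong approved cryptographic algorithms." is kept while the new fragment is `#rule---use-strong-approved-authenticated-encryption`. Reword the text to the heading the link resolves to, and keep the wording identical across the per-language `BrokenCryptoAlgorithm.qhelp` files so the rendered help does not drift between languages.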
diff --git a/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp b/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
index f298e62695f..8c2660b9865 100644
--- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
+++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
@@ -49,7 +49,7 @@ OWASP vulnerability description:
OWASP guidance on deserializing objects:
-Deserialization Cheat Sheet.
+Deserialization Cheat Sheet.
Talks by Chris Frohoff & Gabriel Lawrence:
diff --git a/python/ql/src/Security/CWE-601/UrlRedirect.qhelp b/python/ql/src/Security/CWE-601/UrlRedirect.qhelp
index c2e053f030b..756a43cc106 100644
--- a/python/ql/src/Security/CWE-601/UrlRedirect.qhelp
+++ b/python/ql/src/Security/CWE-601/UrlRedirect.qhelp
@@ -35,7 +35,7 @@ before doing the redirection:
-OWASP:
+OWASP:
XSS Unvalidated Redirects and Forwards Cheat Sheet.