From 54d3397531afe514136662b189c04d94ad55d619 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Mon, 11 Mar 2024 20:37:38 +0100 Subject: [PATCH] docs: improve readability Co-authored-by: Chris de Almeida --- Security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Security.md b/Security.md index 3e7b60eb03..126144e91f 100644 --- a/Security.md +++ b/Security.md @@ -48,7 +48,7 @@ For a vulnerability to be considered, it must adhere to the context of the Expre **Elements Express Does NOT Trust**: -1. Data received from the remote end of inbound or sent to remote outbound network connections, which are accepted through the use of Express API and transformed/validated by Express before being passed to the application. +1. Data received from the remote end of inbound network connections and data sent to the remote end of outbound network connections, which are accepted through the use of the Express API and transformed/validated by Express before being passed to the application. In simpler terms, if the data passing through Express to/from the application can initiate actions beyond those documented for the API, it likely signifies a security vulnerability. Examples of unwanted actions include polluting globals, causing an unrecoverable crash, or any other unexpected side effects jeopardizing confidentiality, integrity, or availability.
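Review bot: In the rewritten item 1 of Security.md, the trailing clause "which are accepted through the use of the Express API and transformed/validated by Express before being passed to the application" now reads as applying to both inbound and outbound data, but data sent to the remote end of an outbound connection originates from the application rather than being passed to it. The unchanged context line that follows already says "to/from the application", so consider ending the item with "before being passed to or from the application", or splitting the inbound and outbound cases into two sentences so each states its own direction.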