update actions in workflows

.github/workflows/ci.yaml

@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v5.0.0
 
       - name: Link Checker
-        uses: lycheeverse/lychee-action@v2.6.1
+        uses: lycheeverse/lychee-action@v2.7.0
         with:
           args: >-
             --no-progress
@@ -44,7 +44,7 @@ jobs:
         uses: actions/checkout@v5.0.0
 
       - name: Lint markdown
-        uses: DavidAnson/markdownlint-cli2-action@v20.0.0
+        uses: DavidAnson/markdownlint-cli2-action@v21.0.0
         with:
           config: '.markdownlint.yaml'
           globs: |
@@ -60,12 +60,12 @@ jobs:
         uses: actions/checkout@v5.0.0
 
       - name: Spell check EN language
-        uses: rojopolis/spellcheck-github-actions@0.53.0
+        uses: rojopolis/spellcheck-github-actions@0.54.0
         with:
           config_path: .spellcheck-en.yaml
 
       - name: Spell check ES language
-        uses: rojopolis/spellcheck-github-actions@0.53.0
+        uses: rojopolis/spellcheck-github-actions@0.54.0
         with:
           config_path: .spellcheck-es.yaml
 

.github/workflows/housekeeping.yaml

@@ -37,7 +37,7 @@ jobs:
         uses: actions/checkout@v5.0.0
 
       - name: Link Checker
-        uses: lycheeverse/lychee-action@v2.6.1
+        uses: lycheeverse/lychee-action@v2.7.0
         with:
           # skip the jekyll files under '_includes' directory, check all other directories
           args: >-

.github/workflows/pr.yaml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v5.0.0
 
       - name: Link Checker
-        uses: lycheeverse/lychee-action@v2.6.1
+        uses: lycheeverse/lychee-action@v2.7.0
         with:
           args: >-
             --no-progress
@@ -37,7 +37,7 @@ jobs:
         uses: actions/checkout@v5.0.0
 
       - name: Lint markdown
-        uses: DavidAnson/markdownlint-cli2-action@v20.0.0
+        uses: DavidAnson/markdownlint-cli2-action@v21.0.0
         with:
           config: '.markdownlint.yaml'
           globs: |
@@ -53,7 +53,7 @@ jobs:
         uses: actions/checkout@v5.0.0
 
       - name: Spell check EN language
-        uses: rojopolis/spellcheck-github-actions@0.53.0
+        uses: rojopolis/spellcheck-github-actions@0.54.0
         with:
           config_path: .spellcheck-en.yaml
 
@@ -65,7 +65,7 @@ jobs:
         uses: actions/checkout@v5.0.0
 
       - name: Spell check ES language
-        uses: rojopolis/spellcheck-github-actions@0.53.0
+        uses: rojopolis/spellcheck-github-actions@0.54.0
         with:
           config_path: .spellcheck-es.yaml
 

.markdownlint.yaml

@@ -13,5 +13,4 @@ MD013:
   line_length: 125
   stern: true
   strict: false
-  tables: true
-
+  tables: false

README.md

@@ -1,9 +1,9 @@
 <a href="https://devguide.owasp.org/"><img src="docs/assets/images/dg_logo_di.png" alt="DevGuide logo" height="180px"/></a>
 
 [![CC BY-SA 4.0 license](https://img.shields.io/github/license/owasp/DevGuide.svg)](license.txt)
-[![OWASP Lab project](https://img.shields.io/badge/owasp-lab%20project-f7b73c.svg)](https://www.owasp.org/projects)
+[![OWASP Lab project](https://img.shields.io/badge/owasp-lab%20project-f7b73c.svg)](https://owasp.org/projects/)
 [![Build status](https://github.com/OWASP/DevGuide/actions/workflows/ci.yaml/badge.svg?event=push)][build]
-[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9373/badge)](https://www.bestpractices.dev/projects/9373)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9373/badge)](https://www.bestpractices.dev/en/projects/9373)
 
 ## OWASP Foundation Developer Guide
 

code_of_conduct.md

@@ -126,8 +126,8 @@ and translations are available of this [contributor covenant][translate].
 
 OWASP DevGuide: _accessible security for developers_
 
-[cofc]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
-[diversity]: https://github.com/mozilla/diversity
-[faq]: https://www.contributor-covenant.org/faq
+[cofc]: https://www.contributor-covenant.org/version/2/0/code_of_conduct/
+[diversity]: https://github.com/mozilla/inclusion
+[faq]: https://www.contributor-covenant.org/faq/
 [homepage]: https://www.contributor-covenant.org
-[translate]: https://www.contributor-covenant.org/translations
+[translate]: https://www.contributor-covenant.org/translations/

docs/en/02-foundations/02-secure-development.md

@@ -170,7 +170,7 @@ The OWASP Developer Guide is a community effort; if there is something that need
 then [submit an issue][issue0402] or [edit on GitHub][edit0402].
 
 [amass]: https://owasp.org/www-project-amass/
-[apisec]: https://owasp.org/API-Security
+[apisec]: https://owasp.org/API-Security/
 [asvs]: https://owasp.org/www-project-application-security-verification-standard/
 [champions]: https://owasp.org/www-project-security-champions-guidebook/
 [cscicd]: https://cheatsheetseries.owasp.org/cheatsheets/CI_CD_Security_Cheat_Sheet
@@ -185,7 +185,7 @@ then [submit an issue][issue0402] or [edit on GitHub][edit0402].
 [depcheck]: https://owasp.org/www-project-dependency-check/
 [deptrack]: https://dependencytrack.org/
 [devsecops]: https://owasp.org/www-project-devsecops-guideline/
-[defectdojo]: https://www.defectdojo.org/
+[defectdojo]: https://defectdojo.com/community
 [edit0402]: https://github.com/OWASP/DevGuide/blob/main/docs/en/02-foundations/02-secure-development.md
 [esapi-project]: https://owasp.org/www-project-enterprise-security-api/
 [github]: https://github.com/

docs/en/02-foundations/05-top-ten.md

@@ -187,7 +187,7 @@ then [submit an issue][issue0405] or [edit on GitHub][edit0405].
 [a09cs]: https://cheatsheetseries.owasp.org/IndexTopTen.html#a092021-security-logging-and-monitoring-failures
 [a10]: https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
 [a10cs]: https://cheatsheetseries.owasp.org/IndexTopTen.html#a102021-server-side-request-forgery-ssrf
-[apisec]: https://owasp.org/API-Security
+[apisec]: https://owasp.org/API-Security/
 [cicd10]: https://owasp.org/www-project-top-10-ci-cd-security-risks/
 [cschain]: https://cheatsheetseries.owasp.org/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet
 [cscloud]: https://cheatsheetseries.owasp.org/cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet

docs/en/03-requirements/02-risk.md

@@ -86,9 +86,9 @@ then [submit an issue][issue0502] or [edit on GitHub][edit0502].
 [cvss]: https://www.first.org/cvss/
 [edit0502]: https://github.com/OWASP/DevGuide/blob/main/docs/en/03-requirements/02-risk.md
 [issue0502]: https://github.com/OWASP/DevGuide/issues/new?labels=enhancement&template=request.md&title=Update:%2003-requirements/02-risk
-[nist]: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
+[nist]: https://csrc.nist.gov/pubs/sp/800/30/r1/final
 [rra]: https://infosec.mozilla.org/guidelines/risk/rapid_risk_assessment.html
 [rrm]: https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
 [rrs]: https://infosec.mozilla.org/guidelines/assessing_security_risk
 [samm]: https://owaspsamm.org/about/
-[tra]: https://cyber.gc.ca/en/guidance/harmonized-tra-methodology-tra-1
+[tra]: https://www.cyber.gc.ca/en/tools-services/harmonized-tra-methodology

docs/en/04-design/01-threat-modeling/01-threat-modeling.md

@@ -269,7 +269,7 @@ then [submit an issue][issue060101] or [edit on GitHub][edit060101].
 [stride]: https://en.wikipedia.org/wiki/STRIDE_%28security%29
 [tdtm]: https://owasp.org/www-project-threat-dragon/
 [tmpb]: https://owasp.org/www-project-threat-modeling-playbook/
-[tmproject]: https://owasp.org/www-project-threat-model/
+[tmproject]: https://owasp.org/www-project-threat-modeling/
 [tmmanifesto]: https://www.threatmodelingmanifesto.org/
 [TM]: https://owasp.org/www-community/Threat_Modeling
 [TMP]: https://owasp.org/www-community/Threat_Modeling_Process

docs/en/04-design/01-threat-modeling/06-toolkit.md

@@ -52,6 +52,6 @@ then [submit an issue][issue060106] or [edit on GitHub][edit060106].
 [edit060106]: https://github.com/OWASP/DevGuide/blob/main/docs/en/04-design/01-threat-modeling/06-toolkit.md
 [toolkit]: https://www.youtube.com/watch?v=KGy_KCRUGd4
 [tmpb]: https://owasp.org/www-project-threat-modeling-playbook/
-[tmproject]: https://owasp.org/www-project-threat-model/
+[tmproject]: https://owasp.org/www-project-threat-modeling/
 [TM]: https://owasp.org/www-community/Threat_Modeling
 [TMP]: https://owasp.org/www-community/Threat_Modeling_Process

docs/en/04-design/02-web-app-checklist/04-encode-escape-data.md

@@ -46,7 +46,7 @@ then [submit an issue][issue060204] or [edit on GitHub][edit060204].
 [control3]: https://top10proactive.owasp.org/the-top-10/c3-validate-input-and-handle-exceptions/
 [control10]: https://top10proactive.owasp.org/the-top-10/c10-stop-server-side-request-forgery/
 [edit060204]: https://github.com/OWASP/DevGuide/blob/main/docs/en/04-design/02-web-app-checklist/04-encode-escape-data.md
-[encoder]: https://www.owasp.org/index.php/OWASP_Java_Encoder_Project
+[encoder]: https://owasp.org/www-project-java-encoder/
 [ipcs]: https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet
 [issue060204]: https://github.com/OWASP/DevGuide/issues/new?labels=enhancement&template=request.md&title=Update:%2004-design/02-web-app-checklist/04-encode-escape-data
 [proactive10]: https://top10proactive.owasp.org/

docs/en/04-design/02-web-app-checklist/05-validate-inputs.md

@@ -72,4 +72,4 @@ then [submit an issue][issue060205] or [edit on GitHub][edit060205].
 [edit060205]: https://github.com/OWASP/DevGuide/blob/main/docs/en/04-design/02-web-app-checklist/05-validate-inputs.md
 [issue060205]: https://github.com/OWASP/DevGuide/issues/new?labels=enhancement&template=request.md&title=Update:%2004-design/02-web-app-checklist/05-validate-inputs
 [proactive10]: https://top10proactive.owasp.org
-[sanitizer]: https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer
+[sanitizer]: https://owasp.org/www-project-java-html-sanitizer/

docs/en/05-implementation/03-secure-libraries/01-esapi.md

@@ -53,7 +53,7 @@ There is a reference implementation for each security control.
 The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue070301] or [edit on GitHub][edit070301].
 
-[bean]: http://beanvalidation.org/
+[bean]: https://beanvalidation.org/
 [csrfguard]: https://owasp.org/www-project-csrfguard/
 [cscsrf]: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet
 [edit070301]: https://github.com/OWASP/DevGuide/blob/main/docs/en/05-implementation/03-secure-libraries/01-esapi.md
@@ -62,7 +62,7 @@ then [submit an issue][issue070301] or [edit on GitHub][edit070301].
 [esapi-project]: https://owasp.org/www-project-enterprise-security-api/
 [esapi-question]: https://owasp.org/www-project-enterprise-security-api/#div-shouldiuseesapi
 [google-keyczar]: https://github.com/google/keyczar
-[google-tink]: https://github.com/google/tink
+[google-tink]: https://github.com/tink-crypto/tink
 [issue070301]: https://github.com/OWASP/DevGuide/issues/new?labels=content&template=request.md&title=Update:%2005-implementation/03-secure-libraries/01-esapi
 [java-encoder]: https://owasp.org/www-project-java-encoder
 [java-sanitizer]: https://owasp.org/www-project-java-html-sanitizer

docs/en/06-verification/02-tools/03-owtf.md

@@ -38,6 +38,6 @@ then [submit an issue][issue080203] or [edit on GitHub][edit080203].
 [issue080203]: https://github.com/OWASP/DevGuide/issues/new?labels=content&template=request.md&title=Update:%2006-verification/02-tools/03-owtf
 [kali]: https://www.kali.org/
 [owtfinstall]: https://owtf.readthedocs.io/en/develop/installation/methods.html
-[owtfdocs]: https://owtf.readthedocs.io/
+[owtfdocs]: https://owtf.readthedocs.io/en/develop/
 [owtfdownload]: https://github.com/owtf/owtf/releases
 [owtf]: https://owasp.org/www-project-owtf/

docs/en/06-verification/03-frameworks/01-secure-codebox.md

@@ -78,8 +78,8 @@ then [submit an issue][issue080301] or [edit on GitHub][edit080301].
 [codebox]: https://www.securecodebox.io/
 [codebox-project]: https://owasp.org/www-project-securecodebox/
 [codebox-repo]: https://charts.securecodebox.io
-[codebox-start]: https://www.securecodebox.io/docs/getting-started/first-scans
-[codebox-docs]: https://www.securecodebox.io/docs/getting-started/installation
+[codebox-start]: https://www.securecodebox.io/docs/getting-started/first-scans/
+[codebox-docs]: https://www.securecodebox.io/docs/getting-started/installation/
 [edit080301]: https://github.com/OWASP/DevGuide/blob/main/docs/en/06-verification/03-frameworks/01-secure-codebox.md
 [helm]: https://helm.sh/
 [issue080301]: https://github.com/OWASP/DevGuide/issues/new?labels=content&template=request.md&title=Update:%2006-verification/03-frameworks/01-secure-codebox

docs/en/06-verification/04-vulnerability-management/01-defectdojo.md

@@ -62,12 +62,12 @@ setting up, usage and integrations.
 The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue080401] or [edit on GitHub][edit080401].
 
-[defectdojo]: https://www.defectdojo.com/
-[defectdojo-docs]: https://documentation.defectdojo.com/
+[defectdojo]: https://defectdojo.com/
+[defectdojo-docs]: https://docs.defectdojo.com/
 [defectdojo-docker]: https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md
 [defectdojo-install]: https://docs.defectdojo.com/en/about_defectdojo/new_user_checklist/
 [defectdojo-project]: https://owasp.org/www-project-defectdojo/
-[defectdojo-tools]: https://www.defectdojo.com/integrations
+[defectdojo-tools]: https://defectdojo.com/integrations
 [edit080401]: https://github.com/OWASP/DevGuide/blob/main/docs/en/06-verification/04-vulnerability-management/01-defectdojo.md
 [issue080401]: https://github.com/OWASP/DevGuide/issues/new?labels=content&template=request.md&title=Update:%2006-verification/04-vulnerability-management/01-defectdojo
 [purple]: https://www.youtube.com/watch?v=FMUrL3Jzmzg

docs/en/11-security-gap-analysis/01-guides/01-samm.md

@@ -52,8 +52,8 @@ The [SAMM Assessment][samma] tools include spreadsheets and online tools such as
 The SAMM model describes these fundamentals of software security, which it calls Business Functions.
 Each of these five fundamentals are further split into three Business Practices:
 
-| Business Function       | Business Practices                 |                                        |        |
-| ----------------------- | ---------------------------------- | -------------------------------------- | ------ |
+| Business Function       | Business Practices                 |                                        |                                   |
+| ----------------------- | ---------------------------------- | -------------------------------------- | --------------------------------- |
 | [Governance][sammg]     | [Strategy and Metrics][sammgsm]    | [Policy and Compliance][sammgpc]       | [Education and Guidance][sammgeg] |
 | [Design][sammd]         | [Threat Assessment][sammdta]       | [Security Requirements][sammdsr]       | [Secure Architecture][sammdsa]    |
 | [Implementation][sammi] | [Secure Build][sammisb]            | [Secure Deployment][sammisd]           | [Defect Management][sammidm]      |

docs/es/02-foundations/02-secure-development.md

@@ -188,7 +188,7 @@ La Guía del Desarrollador de OWASP es un esfuerzo comunitario;
 si ve algo que necesita cambios, entonces [cree un issue][issue0402] o [edítelo en GitHub][edit0402].
 
 [amass]: https://owasp.org/www-project-amass/
-[apisec]: https://owasp.org/API-Security
+[apisec]: https://owasp.org/API-Security/
 [asvs]: https://owasp.org/www-project-application-security-verification-standard/
 [champions]: https://owasp.org/www-project-security-champions-guidebook/
 [cscicd]: https://cheatsheetseries.owasp.org/cheatsheets/CI_CD_Security_Cheat_Sheet
@@ -202,7 +202,7 @@ si ve algo que necesita cambios, entonces [cree un issue][issue0402] o [edítelo
 [depcheck]: https://owasp.org/www-project-dependency-check/
 [deptrack]: https://dependencytrack.org/
 [devsecops]: https://owasp.org/www-project-devsecops-guideline/
-[defectdojo]: https://www.defectdojo.org/
+[defectdojo]: https://defectdojo.com/community
 [edit0402]: https://github.com/OWASP/DevGuide/blob/main/docs/es/02-foundations/02-secure-development.md
 [esapi-project]: https://owasp.org/www-project-enterprise-security-api/
 [github]: https://github.com/

docs/es/02-foundations/05-top-ten.md

@@ -208,7 +208,7 @@ si ve algo que necesita cambios, entonces [cree un issue][issue0405] o [edítelo
 [a09cs]: https://cheatsheetseries.owasp.org/IndexTopTen.html#a092021-security-logging-and-monitoring-failures
 [a10]: https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
 [a10cs]: https://cheatsheetseries.owasp.org/IndexTopTen.html#a102021-server-side-request-forgery-ssrf
-[apisec]: https://owasp.org/API-Security
+[apisec]: https://owasp.org/API-Security/
 [cicd10]: https://owasp.org/www-project-top-10-ci-cd-security-risks/
 [cschain]: https://cheatsheetseries.owasp.org/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet
 [cscloud]: https://cheatsheetseries.owasp.org/cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet

docs/es/03-requirements/02-risk.md

@@ -95,9 +95,9 @@ entonces [cree un issue][issue0502] o [edítelo en GitHub][edit0502].
 [edit0502]: https://github.com/OWASP/DevGuide/blob/main/docs/es/03-requirements/02-risk.md
 [en0502]: https://devguide.owasp.org/en/03-requirements/02-risk/
 [issue0502]: https://github.com/OWASP/DevGuide/issues/new?labels=enhancement&template=request.md&title=Update:%2003-requirements/02-risk
-[nist]: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
+[nist]: https://csrc.nist.gov/pubs/sp/800/30/r1/final
 [rra]: https://infosec.mozilla.org/guidelines/risk/rapid_risk_assessment.html
 [rrm]: https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
 [rrs]: https://infosec.mozilla.org/guidelines/assessing_security_risk
 [samm]: https://owaspsamm.org/about/
-[tra]: https://cyber.gc.ca/en/guidance/harmonized-tra-methodology-tra-1
+[tra]: https://www.cyber.gc.ca/en/tools-services/harmonized-tra-methodology

docs/es/04-design/01-threat-modeling/01-threat-modeling.md

@@ -288,7 +288,7 @@ La Guía del Desarrollador de OWASP es un esfuerzo comunitario; si hay algo que
 [stride]: https://en.wikipedia.org/wiki/STRIDE_%28security%29
 [tdtm]: https://owasp.org/www-project-threat-dragon/
 [tmpb]: https://owasp.org/www-project-threat-modeling-playbook/
-[tmproject]: https://owasp.org/www-project-threat-model/
+[tmproject]: https://owasp.org/www-project-threat-modeling/
 [tmmanifesto]: https://www.threatmodelingmanifesto.org/
 [TM]: https://owasp.org/www-community/Threat_Modeling
 [TMP]: https://owasp.org/www-community/Threat_Modeling_Process

docs/es/04-design/02-web-app-checklist/04-encode-escape-data.md

@@ -45,7 +45,7 @@ entonces [cree un issue][issue060204] o [edítelo en GitHub][edit060204].
 [csproactive-c4]: https://cheatsheetseries.owasp.org/IndexProactiveControls.html#c4-encode-and-escape-data
 [control3]: https://top10proactive.owasp.org/the-top-10/c3-validate-input-and-handle-exceptions/
 [edit060204]: https://github.com/OWASP/DevGuide/blob/main/docs/es/04-design/02-web-app-checklist/04-encode-escape-data.md
-[encoder]: https://www.owasp.org/index.php/OWASP_Java_Encoder_Project
+[encoder]: https://owasp.org/www-project-java-encoder/
 [ipcs]: https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet
 [en060204]: https://devguide.owasp.org/en/04-design/02-web-app-checklist/04-encode-escape-data/
 [issue060204]: https://github.com/OWASP/DevGuide/issues/new?labels=enhancement&template=request.md&title=Update:%2004-design/02-web-app-checklist/04-encode-escape-data

docs/es/04-design/02-web-app-checklist/05-validate-inputs.md

@@ -65,4 +65,4 @@ entonces [cree un issue][issue060205] o [edítelo en GitHub][edit060205].
 [en060205]: https://devguide.owasp.org/en/04-design/02-web-app-checklist/05-validate-inputs/
 [issue060205]: https://github.com/OWASP/DevGuide/issues/new?labels=enhancement&template=request.md&title=Update:%2004-design/02-web-app-checklist/05-validate-inputs
 [proactive10]: https://top10proactive.owasp.org
-[sanitizer]: https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer
+[sanitizer]: https://owasp.org/www-project-java-html-sanitizer/