Merge branch 'docs-update' into 'main'
Docs update

See merge request reportcreator/reportcreator!398
aronmolnar committed Jan 8, 2024
2 parents 2561eb0 + 826ab1e commit 6b8efda
Showing 16 changed files with 69 additions and 2 deletions.
5 changes: 5 additions & 0 deletions docs/docs/d/ad/direct-memory-access.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Direct Memory Access
## Description
Direct Memory Access (DMA) enables hardware devices such as network cards or USB controllers to access the system's main memory directly without involving the CPU. This allows faster data transfers.
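Review bot: the commit text ("Docs update") gives no reason for excluding this page from search, and the same `search:` / `exclude: true` front matter is added to every file under docs/docs/d/ touched by this commit. Please state the rationale in the merge request description, so that whoever adds the next page under docs/docs/d/ knows whether it needs the same front matter.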
3 changes: 3 additions & 0 deletions docs/docs/d/ad/insecure-adidns.md
@@ -1,6 +1,9 @@
---
grammarly: false
search:
exclude: true
---

# Insecure ADIDNS
## Description
Domain controller DNS can store its zone data in Active Directory Domain Services (AD DS). There is no need for a separate DNS replication topology like DNS zone transfers. Any domain controller in a domain running the DNS server service can update the DNS zones built into Active Directory. All zone data is automatically replicated by Active Directory replication with domain controllers.
5 changes: 5 additions & 0 deletions docs/docs/d/ad/insecure-name-resolution-protocols.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Insecure name resolution protocols
## Description
An attacker gets into a MitM position if, for example, he is able to manipulate the name resolution in a network. This is the case if an attacker has direct access to the network. The Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS) or Multicast DNS (mDNS) protocols are, in addition to Domain Name System (DNS), three alternative ways of resolving host names in a network.
3 changes: 3 additions & 0 deletions docs/docs/d/ad/lsass-protection.md
@@ -1,6 +1,9 @@
---
grammarly: false
search:
exclude: true
---

# LSASS protection
## Description
The Local Security Authority Subsystem Service is a process in Microsoft Windows operating systems that is responsible for enforcing security policy on the system. For this purpose, among other things, it temporarily stores the credentials of logged-in users in order to perform authentications against other systems (e.g. when opening a file share).
3 changes: 3 additions & 0 deletions docs/docs/d/ad/network-access-control.md
@@ -1,6 +1,9 @@
---
grammarly: false
search:
exclude: true
---

# Network Access Control
## Description
Network Access Control (NAC) allows you to define and enforce policies for access into a corporate network. For example, when a computer connects to a network, it is only allowed to access resources if it meets the policy set by the company (e.g., virus protection, current system version, specific configuration, etc.). Once the policy is met, the computer can access network resources and the Internet within the policy set by the NAC solution. The basic form of NAC is the 802.1X standard.
5 changes: 5 additions & 0 deletions docs/docs/d/ad/preboot-execution-environment.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Preboot Execution Environment
## Description

2 changes: 2 additions & 0 deletions docs/docs/d/ad/privileged-access-strategy.md
@@ -1,4 +1,6 @@
---
search:
exclude: true
grammarly: false
---
# AD Privileged Access Strategy
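Review bot: in this file the new `search:` block sits above the existing `grammarly: false`, whereas insecure-adidns.md, lsass-protection.md and network-access-control.md in the same commit keep `grammarly: false` first and add `search:` below it. There is also no blank line between the closing `---` and the `# AD Privileged Access Strategy` heading, unlike the other pages. Suggest matching the key order and adding the blank line so the front matter is uniform across the directory.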
5 changes: 5 additions & 0 deletions docs/docs/d/ad/resource-based-constrained-delegation.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Resource-based Constrained Delegation (RBCD)
## Description
Resource-based Constrained Delegation (RBCD) is a particular type of Kerberos delegation configured in-depth for computer accounts. A computer account uses it to decide which other computers to trust for Kerberos delegations. This differs from the other types of delegation (Unconstrained and Constrained Delegation), configured on the computer accounts that want to access the resource (outbound).
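Review bot: the first context sentence says RBCD is "configured in-depth for computer accounts", but the paragraph goes on to contrast it with delegation types configured "(outbound)", so "in-depth" looks like it was meant to be "inbound". Since the file is being touched in a docs pass anyway, please confirm the intended word and correct it here.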
5 changes: 5 additions & 0 deletions docs/docs/d/web/cross-site-request-forgery.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Cross-Site Request Forgery (CSRF)
## Description

5 changes: 5 additions & 0 deletions docs/docs/d/web/cross-site-scripting.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Cross-site scripting (XSS)
## Description
Cross-site scripting (XSS) is a web security vulnerability where an attacker can inject malicious scripts into the HTML structure of a website due to insufficient validation or encoding of data. In XSS attacks, attackers embed JavaScript code in the content delivered by the vulnerable web application.
5 changes: 5 additions & 0 deletions docs/docs/d/web/insecure-http-cookies.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Insecure HTTP cookies
## Description
HTTP is a stateless protocol, meaning it cannot distinguish requests from different users without an additional mechanism. Addressing this problem requires a session mechanism. The most commonly used mechanism for managing HTTP sessions in browsers is cookie storage. An HTTP cookie is a small record that a server sends to a user's web browser. The browser can store the cookie and send it back to the same server for subsequent requests. Web applications can thus implement sessions for the stateless HTTP protocol. The server can use the HTTP cookie to distinguish requests from different users and to keep users logged in.
5 changes: 5 additions & 0 deletions docs/docs/d/web/insecure-storage-of-session-tokens.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Insecure storage of session tokens
## Description
Web browsers have security mechanims for protecting session tokens. Those mechanisms prevent access to the session token via JavaScript and ensuring that the session token is always sent via encrypted channels. They are however only applicable to Cookies.
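Review bot: the description paragraph left unchanged below the new front matter still contains the typo "mechanims" and the non-parallel "prevent access ... and ensuring that", and capitalises "Cookies" mid-sentence. As this is a docs update that already edits the file, suggest fixing it in the same change: "mechanisms", "prevent access to the session token via JavaScript and ensure that the session token is always sent via encrypted channels", and lowercase "cookies".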
5 changes: 5 additions & 0 deletions docs/docs/d/web/path-traversal.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# Path traversal / Directory traversal
## Description
Path Traversal is a web security vulnerability that allows an attacker to access files and directories on the underlying web server of a web application.
5 changes: 5 additions & 0 deletions docs/docs/d/web/sql-injection.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# SQL injection (SQLi)
## Description
SQL Injection is a server-side vulnerability in web applications. It occurs when software developers create dynamic database queries that contain user input. To exploit this vulnerability, an attacker can craft user input so that the originally intended action of an SQL statement is changed. SQL injection vulnerabilities result from an application's failure to dynamically create database queries insecurely and to validate user input properly. The SQL language does not distinguish between control characters and data characters. Control characters in the data part of SQL statements must be encoded or escaped appropriately beforehand.
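Review bot: the unchanged description sentence "SQL injection vulnerabilities result from an application's failure to dynamically create database queries insecurely and to validate user input properly" says the opposite of what is meant, because "failure to ... insecurely" is a double negative. Suggest rewording in this docs pass, for example "failure to create dynamic database queries securely and to validate user input properly".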
5 changes: 5 additions & 0 deletions docs/docs/d/web/user-enumeration.md
@@ -1,3 +1,8 @@
---
search:
exclude: true
---

# User enumeration
## Description
Web applications sometimes indicate whether a username or e-mail address exists as a user. Two of the most common places this occurs are the web application's login page or the "forgot password" functionality. For example, users who enter incorrect credentials receive the information that their password was wrong. An attacker can now use the information to determine whether a particular username exists. An attacker can now use the data to specify a list of valid usernames.
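Review bot: the unchanged description paragraph ends with two near-identical sentences, "An attacker can now use the information to determine whether a particular username exists." and "An attacker can now use the data to specify a list of valid usernames." Suggest merging them while the file is open, and replacing "specify" with "compile" or "build", which is what the sentence appears to mean.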
5 changes: 3 additions & 2 deletions docs/docs/designer/charts.md
@@ -107,8 +107,9 @@ The higher the score, the more of the chart area is filled.


## Plugins
ChartJS supports plugins to extend the functionality of charts.
We provide following plugins:
ChartJS supports plugins to extend the functionality of charts.
We provide the following plugins:

* [chartjs-plugin-datalabels](https://chartjs-plugin-datalabels.netlify.app/guide/getting-started.html#configuration){ target=_blank }: Show labels on top of bars, lines, etc.

Plugins are disabled by default. You can enable them using the `plugins` option in the `config` object of charts.
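Review bot: the line "ChartJS supports plugins to extend the functionality of charts." appears as both removed and added with identical visible text, so that part of the change is whitespace only. If the difference is trailing whitespace, please say so in the merge request or drop that line from the change, so the diff carries only the "We provide the following plugins:" wording fix and the blank line added before the list.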
