update http status code and correct mispelling (#1225)

0liverFlow · web-flow · commit 937b817f2e38 · 2025-07-30T17:06:37.000-04:00
diff --git a/document/4-Web_Application_Security_Testing/12-API_Testing/00-API_Testing_Overview.md b/document/4-Web_Application_Security_Testing/12-API_Testing/00-API_Testing_Overview.md
@@ -98,7 +98,7 @@ Application APIs that conform to REST principles use the response status code of
 | 307           | Temporary Redirect    | Temporary redirection of resource                                                                      |
 | 400           | Bad Request           | Malformed request by the client                                                                        |
 | 401           | Unauthorized          | Client is not allowed to make requests or access a particular resource                                 |
-| 402           | Forbidden             | Client is forbidden to access the resource                                                             |
+| 403           | Forbidden             | Client is forbidden to access the resource                                                             |
 | 404           | Not Found             | Resource doesn't exist or incorrect based on the request                                               |
 | 405           | Method Not Allowed    | Invalid method or unknown method used                                                                  |
 | 500           | Internal Server Error | Server failed to process request due to an internal error                                              |
diff --git a/document/4-Web_Application_Security_Testing/12-API_Testing/01-API_Reconnaissance.md b/document/4-Web_Application_Security_Testing/12-API_Testing/01-API_Reconnaissance.md
@@ -16,7 +16,7 @@ APIs can be public or private.
 
 #### Public APIs
 
-Public APIs typically have their details published in a Swagger/OpenAPI document. Gaining access to this document is important to understand the attack surface. Equally important is finding older versions of this document that might show depricated but still functional code that may have security vulnerabilities.
+Public APIs typically have their details published in a Swagger/OpenAPI document. Gaining access to this document is important to understand the attack surface. Equally important is finding older versions of this document that might show deprecated but still functional code that may have security vulnerabilities.
 
 Keep in mind that this document, however well intentioned, may not be accurate, and also may not dislose the complete API.
 
