Merge pull request #14 from szh/main

Add links to related OWASP resources

2025/docs/2-secret-leakage.md

@@ -39,6 +39,10 @@ Exposed secrets can lead to significant security risks. If a secret is leaked, w
    - Automate the process of secret rotation to reduce the impact of exposed credentials.
    - Use tools that support secret versioning and automated updates in dependent services.
 
+## Related OWASP Resources
+* [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
+* [OWASP WrongSecrets project](https://github.com/OWASP/wrongsecrets/)
+
 ## References
 * 38TB of data accidentally exposed by Microsoft AI researchers - [link](https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers)
 * What Caused the Uber Data Breach? - [link](https://www.upguard.com/blog/what-caused-the-uber-data-breach)

2025/docs/4-insecure-authentication.md

@@ -26,6 +26,9 @@ However, some authentication methods are deprecated, vulnerable to known attacks
 - **Standardize OAuth Implementations:** Avoid custom practices that deviate from OAuth standards to minimize security gaps.
 - **Conduct Regular Security Audits:** Periodically review authentication methods to identify and eliminate deprecated or insecure configurations.
 
+## Related OWASP Resources
+* [OWASP Authentication Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html)
+
 ## References
 - [Salesforce: Disabling Insecure Authorization Flows](https://help.salesforce.com/s/articleView?id=sf.remoteaccess_disable_username_password_flow.htm&type=5)
 - [OAuth 2.0 Security Best Current Practice - Implicit Grant](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#name-implicit-grant)