Update 0xa3-excessive-data-exposure.md

Author: inonshk

2019/en/src/0xa3-excessive-data-exposure.md

@@ -28,9 +28,9 @@ object.
 An IOT-based surveillance system allows administrators to create users with different permissions.
 An admin created a user for a new security guard that should have access only to specific buildings in the site.
 Once the security guard uses his IPAD, an API call is triggered to:
-"/api/sites/111/cameras" in order to receive data about the available cameras and show them on the dashboard.
+`"/api/sites/111/cameras"` in order to receive data about the available cameras and show them on the dashboard.
 The response contains a list with details cameras in the following format:
-{"id":"xxx","live_access_token":"xxxx-bbbbb","building_id":"yyy"}
+`{"id":"xxx","live_access_token":"xxxx-bbbbb","building_id":"yyy"}`
 While the client GUI shows only cameras the security guard should have access to, the actual API response contains a full list of all the cameras in the site.
 
 ## How To Prevent