From 803cfbe9217f66d655197eb65c342c1a926e627b Mon Sep 17 00:00:00 2001 From: gavjl <68402352+gavjl@users.noreply.github.com> Date: Wed, 8 Mar 2023 20:18:56 +0000 Subject: [PATCH] fix #75 link to real site --- 2023/en/src/0xa9-improper-assets-management.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2023/en/src/0xa9-improper-assets-management.md b/2023/en/src/0xa9-improper-assets-management.md index be4d3eef3..fd9166607 100644 --- a/2023/en/src/0xa9-improper-assets-management.md +++ b/2023/en/src/0xa9-improper-assets-management.md @@ -48,8 +48,8 @@ An API has a "data flow blindspot" if: A social network implemented a rate-limiting mechanism that blocks attackers from using brute force to guess reset password tokens. This mechanism wasn't implemented as part of the API code itself but in a separate component between -the client and the official API (www.socialnetwork.com). A researcher found a -beta API host (www.mbasic.beta.socialnetwork.com) that runs the same API, +the client and the official API (```api.socialnetwork.owasp.org```). A researcher found a +beta API host (```beta.api.socialnetwork.owasp.org```) that runs the same API, including the reset password mechanism, but the rate-limiting mechanism was not in place. The researcher was able to reset the password of any user by using simple brute force to guess the 6 digit token.
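Review bot: the two replaced hostnames in this hunk are wrapped in triple backticks inside running prose (`the official API (```api.socialnetwork.owasp.org```)` and `beta API host (```beta.api.socialnetwork.owasp.org```)`); Markdown inline code normally uses a single backtick, and a triple-backtick run that ends up at the start of a wrapped line can be parsed as a code-fence opener, so `api.socialnetwork.owasp.org` and `beta.api.socialnetwork.owasp.org` with single backticks would render more predictably. The substitution itself matches the subject line: the scenario's example hosts move from a `.com` name the project does not control to names under owasp.org, so readers following the text are no longer pointed at a third party's site. The unchanged context keeps the point of the scenario intact, namely that the beta host runs the same reset-password API without the rate-limiting component, so the rename changes only the illustrative hostnames, not the described weakness.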