OWASP · victoriadrake · Jan 24, 2020 · Jan 24, 2020 · Jan 24, 2020 · Jan 24, 2020
diff --git a/..._Side_Testing/4.12.13_Testing_for_Cross_Site_Script_Inclusion_OTG-CLIENT-013.md b/..._Side_Testing/4.12.13_Testing_for_Cross_Site_Script_Inclusion_OTG-CLIENT-013.md
@@ -1,4 +1,6 @@
-# Summary
+# Testing for Cross Site Script Inclusion
+
+## Summary
 
 Cross Site Script Inclusion (XSSI) vulnerability allows sensitive data leakage across-origin or cross-domain boundaries. Sensitive data could include authentication-related data (login states, cookies, auth tokens, session IDs, etc.) or user's personal or sensitive personal data (email addresses, phone numbers, credit card details, social security numbers, etc.). XSSI is a client-side attack similar to Cross Site Request Forgery (CSRF) but has a different purpose. Where CSRF uses the authenticated user context to execute certain state-changing actions inside a victim’s page (e.g. transfer money to the attacker's account, modify privileges, reset password, etc.), XSSI instead uses JavaScript on the client side to leak sensitive data from authenticated sessions.
 

diff --git a/document/README.md b/document/README.md
@@ -272,17 +272,19 @@
 
 [4.12.6 Testing for Client Side Resource Manipulation (OTG-CLIENT-006)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.6_Testing_for_Client_Side_Resource_Manipulation_OTG-CLIENT-006.md)
 
-[4.12.7 Test Cross Origin Resource Sharing (OTG-CLIENT-007)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.7_Test_Cross_Origin_Resource_Sharing_OTG-CLIENT-007.md)
+[4.12.7 Testing Cross Origin Resource Sharing (OTG-CLIENT-007)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.7_Testing_Cross_Origin_Resource_Sharing_OTG-CLIENT-007.md)
 
 [4.12.8 Testing for Cross Site Flashing (OTG-CLIENT-008)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.8_Testing_for_Cross_Site_Flashing_OTG-CLIENT-008.md)
 
 [4.12.9 Testing for Clickjacking (OTG-CLIENT-009)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.9_Testing_for_Clickjacking_OTG-CLIENT-009.md)
 
 [4.12.10 Testing WebSockets (OTG-CLIENT-010)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.10_Testing_WebSockets_OTG-CLIENT-010.md)
 
-[4.12.11 Test Web Messaging (OTG-CLIENT-011)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.11_Test_Web_Messaging_OTG-CLIENT-011.md)
+[4.12.11 Testing Web Messaging (OTG-CLIENT-011)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.11_Testing_Web_Messaging_OTG-CLIENT-011.md)
 
-[4.12.12 Test Local Storage (OTG-CLIENT-012)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.12_Test_Local_Storage_OTG-CLIENT-012.md)
+[4.12.12 Testing Local Storage (OTG-CLIENT-012)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.12_Testing_Web_Storage_OTG-CLIENT-012.md)
+
+[4.12.13 Testing for Cross Site Script Inclusion (OTG-CLIENT-013)](4_Web_Application_Security_Testing/4.12_Client_Side_Testing/4.12.13_Testing_for_Cross_Site_Script_Inclusion_OTG-CLIENT-013.md)
 
 ## [5. Reporting](5_Reporting/5_Reporting.md)