fix(A9:2023RC): replace hostname example

PauloASilva · PauloASilva · commit b5ffae2dbe36 · 2023-04-27T22:58:04.000+01:00
Replace the hostname used as example with one that does not exist, preventing a link to be rendered. Closes #75
diff --git a/2023/en/src/0xa9-improper-inventory-management.md b/2023/en/src/0xa9-improper-inventory-management.md
@@ -16,7 +16,7 @@ the APIs are storing or sharing data with external third parties.
 Running multiple versions of an API requires additional management resources
 from the API provider and expands the attack surface.
 
-An API has a "<ins>documentation blindspot</ins>“ if:
+An API has a "<ins>documentation blindspot</ins>" if:
 
 * The purpose of an API host is unclear, and there are no explicit answers to
   the following questions
@@ -48,10 +48,10 @@ An API has a "<ins>data flow blindspot</ins>" if:
 A social network implemented a rate-limiting mechanism that blocks attackers
 from using brute force to guess reset password tokens. This mechanism wasn't
 implemented as part of the API code itself but in a separate component between
-the client and the official API (www.socialnetwork.com). A researcher found a
-beta API host (www.mbasic.beta.socialnetwork.com) that runs the same API,
-including the reset password mechanism, but the rate-limiting mechanism was not
-in place. The researcher was able to reset the password of any user by using
+the client and the official API (`api.socialnetwork.owasp.org`). A researcher
+found a beta API host (`beta.api.socialnetwork.owasp.org`) that runs the same
+API, including the reset password mechanism, but the rate-limiting mechanism was
+not in place. The researcher was able to reset the password of any user by using
 simple brute force to guess the 6 digit token.
 
 ### Scenario #2
@@ -104,3 +104,4 @@ sells the information for malicious purposes.
 * [CWE-1059: Incomplete Documentation][1]
 
 [1]: https://cwe.mitre.org/data/definitions/1059.html
+
