diff --git a/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md b/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md
index 72a255e..648fbef 100644
--- a/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md
+++ b/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md
@@ -195,7 +195,7 @@ startswith(), endswith(), contains(), indexOf()
 
 ### Weak SessionID
 
-Weak Session ID has algorithm may be vulnerable to brute Force attack. For example, one site is using `MD5(Password + UserID)` as sessionID. Then, testers may guess or generate the sessionID for other users.
+Weak Session ID has algorithm may be vulnerable to brute force attack. For example, one site is using `MD5(Password + UserID)` as sessionID. Then, testers may guess or generate the sessionID for other users.
 
 ## References