From e878441270e778a35ea07f73b22729d1185d636a Mon Sep 17 00:00:00 2001 From: Alex <53379240+AlexandraC0@users.noreply.github.com> Date: Tue, 12 Sep 2023 11:37:53 +0200 Subject: [PATCH] Update README.md --- packages/lessons/broken-function-level-authorization/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/lessons/broken-function-level-authorization/README.md b/packages/lessons/broken-function-level-authorization/README.md index 4516007..1e13162 100644 --- a/packages/lessons/broken-function-level-authorization/README.md +++ b/packages/lessons/broken-function-level-authorization/README.md @@ -7,7 +7,7 @@ owasp: 'API5:2023' authors: ['escape'] --- -This lesson is about properly setting up function-level authorization in GraphQL with Apollo. The server code is given, with authentication developed following [Apollo's recommandations](https://www.apollographql.com/docs/apollo-server/security/authentication/). Small oversights have made **the authorization mechanism vulnerable**. Our goal is to exploit it and then fix it. +This lesson is about [properly setting up](https://escape.tech/blog/authentication-authorization-access-control/#access-control-best-practices-to-secure-your-graphql-api) function-level authorization in GraphQL with Apollo. The server code is given, with authentication developed following [Apollo's recommendations](https://www.apollographql.com/docs/apollo-server/security/authentication/). Small oversights have made **the authorization mechanism vulnerable**. Our goal is to exploit it and then fix it. ## The vulnerable server
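Review bot: The commit message "Update README.md" does not say what this single-hunk change actually does, which is two separate things: it corrects the spelling of "recommandations" to "recommendations" and it wraps "properly setting up" in a link to the escape.tech access-control best-practices post. A message such as "README: fix typo and link to access-control best practices" would make the history searchable. On the hunk itself, the link text "properly setting up" is not descriptive on its own; consider anchoring the link on "function-level authorization" or on a phrase like "access control best practices" so readers (and screen readers) know where the link leads. The typo fix is correct and the rest of the paragraph, including the Apollo authentication link and the sentence stating the lesson's goal, is unchanged.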