Suppose that these 3 different areas for covering each other is something like the image,
so in conclusion with the above words, we need to implement some tools and working on promoting a DevSecOps culture too.
@@ -51,8 +51,9 @@ The solution is introducing security earlier in the process instead of having it
Considering security in design by threat modeling and
break down huge security tests in smaller security testing and integrating them in the development pipeline.
-
The following picture shows the differences between DevOps and DevSecOps lifecycles.
-
<imgsrc="/documents/assets/images/DevOps vs DevSecOps.png">
+
The following picture shows the differences between DevOps and DevSecOps lifecycles.
+
+

### Privacy
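Review bot: the image tag removed in this hunk, `<imgsrc="/documents/assets/images/DevOps vs DevSecOps.png">`, has no space between `img` and `src`, so it was never a valid tag, and the `+` lines visible here carry only the repeated sentence "The following picture shows the differences between DevOps and DevSecOps lifecycles." plus blank lines; the replacement image reference is not visible in the added lines. Please confirm the new reference is actually part of the change and is written as `<img src="...">`, with the spaces in the file name either removed (e.g. `DevOps-vs-DevSecOps.png`) or percent-encoded, otherwise the "### Privacy" section that follows is preceded by a sentence announcing a picture that never renders.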
@@ -90,20 +91,20 @@ it checks the software behavior under unexpected conditions and inputs.
It is performed in the early stage of development to avoid errors, as it is easier to find sources of failures and it can be fixed easily.
Some issues that can’t be found using Dynamic Testing, can be easily found by Static Testing. Such issues consists of hard coded credentials, deprecated encryption algorithms, 2nd order injections, weak random, etc.
Most static analysis tools have the testing scope limited to one component and can not perform tests across different components. (EG. for a microservice architecture, static analysis tools will test each microservice independently)
Dynamic Testing analyzes the behavior of the application code at runtime. Scanners send specially crafted requests to the target application. Request parameters are constantly modified during testing to try and expose a range of vulnerabilities. Based on the response of the application the tool can then identify potential vulnerabilities and report back. Some issues that can't be found by static analysis are easily detected by dynamic analysis. Such issues include client side vulnerabilities like authentication & session issues, sensitive data sent in plain text, etc.
Dynamic analysis tools have the possibility of testing the entire application flow(multiple components at once). (Eg. for a microservice architecture, dynamic analysis tools can point to one microservice, but as they interact with each other results will represent the behaviour of the entire application)
Also known as Interactive Application Security Testig (IAST) monitors the application while other systems interact with it and observe vulnerabilities. This is achieved via sensors or agents deploy with the application. The sensors can see the entire flow from HTTP request down to the executed code, tracing the data through the application. Similar to static analysis, it can test one component at a time, but not multiple components. However, if agents/sensors are deployed on all components, when they interact with eachother this could reveal vulnerabilities in each component used in the application. (Eg. for a microservice architecture, only the microservices that have agents/sensors attached will report vulnerabilities)
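Review bot: the IAST paragraph opens with "Also known as Interactive Application Security Testig (IAST) monitors the application ..." which has a typo ("Testig") and no subject; suggest starting it with the technique name, e.g. "Interactive Application Security Testing (IAST) monitors the application while other systems interact with it ...". Smaller wording fixes in the same hunk: "sensors or agents deploy with the application" should read "deployed with", "Such issues consists of" should read "consist of", "eachother" should be "each other", "can not" should be "cannot", and the parenthetical markers alternate between "EG." and "Eg.", so one form ("e.g.") should be used throughout. One accuracy point in the dynamic-testing paragraph: authentication and session issues and sensitive data sent in plain text are server-side and transport weaknesses rather than "client side vulnerabilities"; describing them as runtime or deployment-dependent issues that static analysis cannot see would match what DAST actually detects.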