diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge15.adoc index 338371539..49a235486 100644 --- a/src/main/resources/explanations/challenge15.adoc +++ b/src/main/resources/explanations/challenge15.adoc @@ -1,8 +1,8 @@ === Docker COPY and WORKDIR -When we start new project usually we are focus on new festers implementation than on security aspect. -Sometimes Single Page Application or mobile application need to access information for themself rather then on behalf of a user. +When we start new project usually we are focus on new feature implementation than on security aspect. +Sometimes Single Page Application or mobile application need to access information for themselves rather than on behalf of a user. For this purpose OAuth provides the `client_credentials` flow to get access token. -In such situation it easy to store client secrets in front-end or mobile application code. +In such situation it's easy to store client secrets in front-end or mobile application code. What about looking for it in the Development Tools in browser? diff --git a/src/main/resources/explanations/challenge15_reason.adoc b/src/main/resources/explanations/challenge15_reason.adoc index 6a36c1246..5b1aeebeb 100644 --- a/src/main/resources/explanations/challenge15_reason.adoc +++ b/src/main/resources/explanations/challenge15_reason.adoc @@ -1,4 +1,4 @@ -*Why using Single Page Application or Mobile application to put client secret in is a bad idea* +*Why using Single-Page Application or Mobile application to put client secret in is a bad idea* As you can tell by now, you can easily detect any secret that stored within a Single Page Application or Mobile application. -Authorization Code Flow with Proof Key for Code Exchange (PKCE) +To prevent such situation Authorization Code Flow with Proof Key for Code Exchange (PKCE) is used.
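Review bot: the heading `=== Docker COPY and WORKDIR` that this hunk leaves unchanged does not match the body, which is about storing OAuth `client_credentials` secrets in front-end and mobile code; if this file is the challenge15 explanation it should carry a matching heading (e.g. `=== Client secrets in a Single Page Application`), otherwise the text has been pasted into the wrong file. The spelling fixes themselves are fine, but the first line stays ungrammatical after the change: "When we start new project usually we are focus on new feature implementation than on security aspect" should read "When we start a new project we usually focus more on implementing new features than on security." Likewise the next line still needs an article and plural agreement: "Sometimes a Single Page Application or mobile application needs to access information for itself rather than on behalf of a user."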
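Review bot: in the challenge15_reason hunk the new title hyphenates "Single-Page Application" while the unchanged line directly below it, and the challenge15.adoc file touched in the same patch, write "Single Page Application"; pick one spelling and use it in both files. The unchanged line also still reads "any secret that stored within", which should be "any secret that is stored within". The added closing sentence "To prevent such situation Authorization Code Flow with Proof Key for Code Exchange (PKCE) is used." is stiff and does not say why PKCE helps; suggest "To avoid this, use the Authorization Code Flow with Proof Key for Code Exchange (PKCE), which is designed for public clients and does not require the application to hold a client secret at all."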