diff --git a/input_validation/README.md b/input_validation/README.md index f1b19b4..2ff7508 100644 --- a/input_validation/README.md +++ b/input_validation/README.md @@ -7,13 +7,13 @@ Yes we can, and we get a flag. ## Utility of It This allows an attacker to: - - Submit invalid or malicious data (e.g., score > 10). - - Manipulate application logic (e.g., gain unfair advantage or retrieve flags). - - Potentially exploit further vulnerabilities if the data is used insecurely elsewhere (e.g., SQL injection, XSS). +- Submit invalid or malicious data (e.g., score > 10). +- Manipulate application logic (e.g., gain unfair advantage or retrieve flags). +- Potentially exploit further vulnerabilities if the data is used insecurely elsewhere (e.g., SQL injection, XSS). ## How Can We Patch It - - Validate all input on the server side regardless of client-side checks. - - Enforce boundaries (e.g., score must be between 0 and 10) on the backend. - - Use a schema validation library or built-in mechanisms to reject bad data. - - Never trust client-side data blindly — browsers can be manipulated. +- Validate all input on the server side regardless of client-side checks. +- Enforce boundaries (e.g., score must be between 0 and 10) on the backend. +- Use a schema validation library or built-in mechanisms to reject bad data. +- Never trust client-side data blindly — browsers can be manipulated.
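Review bot: In the "How Can We Patch It" list, the item "Enforce boundaries (e.g., score must be between 0 and 10) on the backend" leaves the rule underspecified: it does not say whether the bounds are inclusive or what type the value must be, and the matching "Utility of It" item only gives `score > 10` as an example, so the lower bound and non-numeric input are not illustrated. The change itself only removes the leading space before each `-`, but since every list line is touched, this is a good place to state the rule exactly (for example "score must be a number from 0 to 10 inclusive") and to say that out-of-range values are rejected, which matches the next item's "reject bad data". The "Use a schema validation library or built-in mechanisms" item would also be easier to act on if it named the mechanism that fits this challenge's backend.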