From cf1b5dc124e40705467131fa4f3a9393739a36ef Mon Sep 17 00:00:00 2001 From: Michael McCabe Date: Tue, 12 Nov 2013 13:55:24 -0500 Subject: [PATCH] updating description with owasp 2013 description --- app/views/layouts/tutorial/redirects/_redirects_first.html.erb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/views/layouts/tutorial/redirects/_redirects_first.html.erb b/app/views/layouts/tutorial/redirects/_redirects_first.html.erb index 10f875f..44aeefb 100755 --- a/app/views/layouts/tutorial/redirects/_redirects_first.html.erb +++ b/app/views/layouts/tutorial/redirects/_redirects_first.html.erb @@ -17,7 +17,8 @@

- OWASP Description - Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages. + Applications frequently redirect users to other pages, or use internal forwards in a similar manner. Sometimes the target page is specified in an unvalidated parameter, allowing attackers to choose the destination page. + Detecting unchecked redirects is easy. Look for redirects where you can set the full URL. Unchecked forwards are harder, because they target internal pages.

Railsgoat allows the redirection to the paths previously requested but for which the user did not have access. Following authentication, the user is redirected.
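Review bot: the replacement text in this hunk drops the "OWASP Description -" label that the removed line carried, and with it the sentence stating the impact ("attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages"), so the reader can no longer tell that the paragraph is quoted from OWASP or why the flaw matters; keep the label and the impact sentence in front of the new wording, e.g. "OWASP Description - Applications frequently redirect users to other pages, ...". The second added line ("Detecting unchecked redirects is easy. Look for redirects where you can set the full URL.") is testing guidance rather than a description, which does not match the commit message "updating description", and it sits directly above the unchanged context line "Railsgoat allows the redirection to the paths previously requested ...", so the flow goes description, detection advice, then back to the RailsGoat-specific description; either move the detection sentence below the RailsGoat paragraph or cut it. Minor: the file is tracked with mode 100755; an .html.erb template has no reason to be executable, so consider a follow-up that clears the bit.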