From 6950accce4dc7f4a2ab6bfede6f2f4fe2b581105 Mon Sep 17 00:00:00 2001
From: cktricky <ken.johnson@nvisiumsecurity.com>
Date: Tue, 12 Nov 2013 17:44:27 -0500
Subject: [PATCH] a6 exposure, working on the wording for SSNs being stored in
 the clear

---
 app/views/layouts/tutorial/_sidebar.html.erb           |  4 ++--
 .../{crypto => exposure}/_password_hashing.html.erb    |  2 +-
 .../tutorial/{crypto => exposure}/_ssn.html.erb        |  6 +++---
 .../tutorials/{crypto.html.erb => exposure.html.erb}   | 10 +++++-----
 config/routes.rb                                       |  2 +-
 5 files changed, 12 insertions(+), 12 deletions(-)
 rename app/views/layouts/tutorial/{crypto => exposure}/_password_hashing.html.erb (98%)
 rename app/views/layouts/tutorial/{crypto => exposure}/_ssn.html.erb (95%)
 rename app/views/tutorials/{crypto.html.erb => exposure.html.erb} (65%)

diff --git a/app/views/layouts/tutorial/_sidebar.html.erb b/app/views/layouts/tutorial/_sidebar.html.erb
index 5eb1d72..241339c 100755
--- a/app/views/layouts/tutorial/_sidebar.html.erb
+++ b/app/views/layouts/tutorial/_sidebar.html.erb
@@ -49,8 +49,8 @@
         A5 Misconfig
       <% end %>
     </li>
-    <li id="sensitive_exposure">
-      <%= link_to "#" do %>
+    <li id="exposure">
+      <%= link_to exposure_tutorials_path do %>
         <div class="icon">
           <span class="fs1" aria-hidden="true" data-icon="&#xe094;"></span>
         </div>
diff --git a/app/views/layouts/tutorial/crypto/_password_hashing.html.erb b/app/views/layouts/tutorial/exposure/_password_hashing.html.erb
similarity index 98%
rename from app/views/layouts/tutorial/crypto/_password_hashing.html.erb
rename to app/views/layouts/tutorial/exposure/_password_hashing.html.erb
index 1a9394e..a328e47 100755
--- a/app/views/layouts/tutorial/crypto/_password_hashing.html.erb
+++ b/app/views/layouts/tutorial/exposure/_password_hashing.html.erb
@@ -1,7 +1,7 @@
 <div class="widget">
     <div class="widget-header">
       <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A7 - Insecure Cryptographic Storage - Password Storage
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A6 - Sensitive Data Exposure - Insecure Password Storage
       </div>
     </div>
     <div class="widget-body">
diff --git a/app/views/layouts/tutorial/crypto/_ssn.html.erb b/app/views/layouts/tutorial/exposure/_ssn.html.erb
similarity index 95%
rename from app/views/layouts/tutorial/crypto/_ssn.html.erb
rename to app/views/layouts/tutorial/exposure/_ssn.html.erb
index 725d54f..1718b97 100644
--- a/app/views/layouts/tutorial/crypto/_ssn.html.erb
+++ b/app/views/layouts/tutorial/exposure/_ssn.html.erb
@@ -1,7 +1,7 @@
 <div class="widget">
     <div class="widget-header">
       <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A7 - Insecure Cryptographic Storage - Clear-text storage of SSN(s)
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A6 - Sensitive Data Exposure - Clear-text storage of SSN(s)
       </div>
     </div>
     <div class="widget-body">
@@ -62,7 +62,7 @@
           </div>
           <div class="accordion-body collapse" id="collapseSSNThree" style="height: 0px;">
             <div class="accordion-inner">
-			  <p><b>Password Storage - SOLUTION</b></p>
+			  <p><b>SSN Storage - SOLUTION</b></p>
 			  <p class="desc">
 				There is a lot of guidance on adequately protecting sensitive data at rest and using a layered defensive approach. Make no mistake, this should not be your sole means of securing sensitive data. That being said, there are at least four precautions that should be taken.
 				<li>The sensitive data is encrypted everywhere, including backups</li>
@@ -92,7 +92,7 @@
           </div>
           <div class="accordion-body collapse" id="collapseSSNFour" style="height: 0px;">
             <div class="accordion-inner">
-              How protected are those passwords in the database against cracking?
+              My SSN seems pretty important, hope it's kept safe!
             </div>
           </div>
         </div>
diff --git a/app/views/tutorials/crypto.html.erb b/app/views/tutorials/exposure.html.erb
similarity index 65%
rename from app/views/tutorials/crypto.html.erb
rename to app/views/tutorials/exposure.html.erb
index 7bd24af..3e99af5 100755
--- a/app/views/tutorials/crypto.html.erb
+++ b/app/views/tutorials/exposure.html.erb
@@ -2,22 +2,22 @@
 	<div class="main-container">
 		<div class="row-fluid">
 		    <div class="span12">  <!-- Beginning of span-->
-		       <%= render :partial => "layouts/tutorial/crypto/password_hashing" %>
+		       <%= render :partial => "layouts/tutorial/exposure/password_hashing" %>
 		    </div> <!-- End of span-->
 		</div>
-<!--		
+		
 		<div class="row-fluid">
 		    <div class="span12">  
-		       <%#= render :partial => "layouts/tutorial/crypto/ssn" %>
+		       <%= render :partial => "layouts/tutorial/exposure/ssn" %>
 		    </div>
 		</div>
--->		
+	
 	</div>
 </div>
 
 <script type="text/javascript">
 function makeActive(){
-	$('li[id="crypto"]').addClass('active');
+	$('li[id="exposure"]').addClass('active');
 };
 
 $(document).ready(makeActive);
diff --git a/config/routes.rb b/config/routes.rb
index a58b21e..59b771f 100755
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -45,7 +45,7 @@ resources :tutorials do
     get "insecure_dor"
     get "csrf"
     get "misconfig"
-    get "crypto"
+    get "exposure"
     get "url_access"
     get "ssl_tls"
     get "redirects"