team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

a6 exposure, working on the wording for SSNs being stored in the clear

Browse Source
This commit is contained in:
cktricky
2013-11-12 17:44:27 -05:00
parent 655b636c38
commit 6950accce4
5 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/views/layouts/tutorial/_sidebar.html.erb
+2 -2
View File
@@ -49,8 +49,8 @@
A5 Misconfig
<% end %>
</li>
<li id="sensitive_exposure">
<%= link_to "#" do %>
<li id="exposure">
<%= link_to exposure_tutorials_path do %>
<div class="icon">
<span class="fs1" aria-hidden="true" data-icon="&#xe094;"></span>
</div>
app/views/layouts/tutorial/crypto/_password_hashing.html.erb → app/views/layouts/tutorial/exposure/_password_hashing.html.erb
+1 -1
View File
@@ -1,7 +1,7 @@
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A7 - Insecure Cryptographic Storage - Password Storage
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A6 - Sensitive Data Exposure - Insecure Password Storage
</div>
</div>
<div class="widget-body">
app/views/layouts/tutorial/crypto/_ssn.html.erb → app/views/layouts/tutorial/exposure/_ssn.html.erb
+3 -3
View File
@@ -1,7 +1,7 @@
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A7 - Insecure Cryptographic Storage - Clear-text storage of SSN(s)
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A6 - Sensitive Data Exposure - Clear-text storage of SSN(s)
</div>
</div>
<div class="widget-body">
@@ -62,7 +62,7 @@
</div>
<div class="accordion-body collapse" id="collapseSSNThree" style="height: 0px;">
<div class="accordion-inner">
<p><b>Password Storage - SOLUTION</b></p>
<p><b>SSN Storage - SOLUTION</b></p>
<p class="desc">
There is a lot of guidance on adequately protecting sensitive data at rest and using a layered defensive approach. Make no mistake, this should not be your sole means of securing sensitive data. That being said, there are at least four precautions that should be taken.
<li>The sensitive data is encrypted everywhere, including backups</li>
@@ -92,7 +92,7 @@
</div>
<div class="accordion-body collapse" id="collapseSSNFour" style="height: 0px;">
<div class="accordion-inner">
How protected are those passwords in the database against cracking?
My SSN seems pretty important, hope it's kept safe!
</div>
</div>
</div>