From 912c34a26e28b61071426cb4a94cd5ad2c5351b8 Mon Sep 17 00:00:00 2001
From: Ken Johnson <cktricky@Kens-MacBook-Pro.local>
Date: Mon, 3 Jun 2013 01:11:51 -0400
Subject: [PATCH] finished the writeup for password complexity

---
 app/models/user.rb                            |   3 +-
 .../_password_complexity.html.erb             | 100 ++++++++++++++++++
 app/views/tutorials/broken_auth.html.erb      |   5 +
 3 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb

diff --git a/app/models/user.rb b/app/models/user.rb
index 39787e1..9d0ca4f 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,7 +4,8 @@ class User < ActiveRecord::Base
   validates :password, :presence => true,
                        :confirmation => true,
                        :length => {:within => 6..40},
-                       :on => :create
+                       :on => :create#,
+                       #:format => {:with => /\A.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\@\#\$\%\^\&\+\=]).*\z/}
   validates_presence_of :email
   validates_uniqueness_of :email
   validates_format_of :email, :with => /.+@.+\..+/i
diff --git a/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb b/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
new file mode 100644
index 0000000..ebb4cbb
--- /dev/null
+++ b/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
@@ -0,0 +1,100 @@
+<div class="widget">
+    <div class="widget-header">
+      <div class="title">
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management - Lack of Password Complexity
+      </div>
+    </div>
+    <div class="widget-body">
+      <div id="accordion1" class="accordion no-margin">
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapsePwdOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-info icon-white">
+              </i>
+              Description
+            </a>
+          </div>
+          <div class="accordion-body in collapse" id="collapsePwdOne" style="height: auto;">
+            <div class="accordion-inner">
+              <p class="desc">
+			 	Password complexity is incredibly important and highly debated subject. Other factors play a part in the stringency of the enforcement policy applied. If a username can be enumerated, a CAPTCHA on the login form is not present or other methods to deter a brute-force password guessing campaign are not in place, at least password complexity enforcement policy can make it a that much more difficult for an attacker to guess users passwords.
+			  </p>
+            </div>
+          </div>
+        </div>
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapsePwdTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-bug icon-white">
+              </i>
+              Bug
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapsePwdTwo" style="height: 0px;">
+            <div class="accordion-inner">
+	          <p>
+              Within app/models/User.rb
+              </p>
+			  <pre class="ruby">
+				validates :password, :presence => true,
+			                       :confirmation => true,
+			                       :length => {:within => 6..40},
+			                       :on => :create
+			  </pre>
+			  <p class="desc">
+				The application validates only the password length and nothing else. Developers can leverage the format option to apply a regular expression that checks the password has sufficient complexity.
+			  </p>		
+            </div>
+          </div>
+        </div>
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapsePwdThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-lightning icon-white">
+              </i>
+              Solution
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapsePwdThree" style="height: 0px;">
+            <div class="accordion-inner">
+              <p><b>Lack of Password Complexity - ATTACK</b></p>
+  			  <p class="desc">
+	          	Leverage a tool such as BurpSuite's intruder to brute-force the passwords of the users. The highest privileged account that you an attacker can compromise is the admin. The password is very simple ("admin1234"), username is ("admin@metacorp.com").
+			  </p> 
+			  <p><b>Lack of Password Complexity - SOLUTION</b></p>
+			  <p class="desc">
+				This regular expression validates the password has the following requirements:
+				<li>1 digit</li>
+				<li>1 lowercase alphabet</li>
+				<li>1 uppercase alphabet</li>
+				<li>1 special character</li>
+			  </p>	
+			  <pre class="ruby">
+				  validates :password, :presence => true,
+				                       :confirmation => true,
+				                       :length => {:within => 6..40},
+				                       :on => :create,
+				                       <span style="background-color: yellow">:format => {:with => /\A.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\@\#\$\%\^\&\+\=]).*\z/}</span>
+			  </pre>	
+            </div>
+          </div>
+        </div>
+		<div class="accordion-group">
+          <div class="accordion-heading">
+            <a  style="background-color: rgb(181, 121, 158)" href="#collapsePwdFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-aid icon-white">
+              </i>
+              Hint
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapsePwdFour" style="height: 0px;">
+            <div class="accordion-inner">
+				<p class="desc">
+					I wonder how strong the administrator's password is?
+				</p>	
+             </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
diff --git a/app/views/tutorials/broken_auth.html.erb b/app/views/tutorials/broken_auth.html.erb
index 52ee205..7d85147 100755
--- a/app/views/tutorials/broken_auth.html.erb
+++ b/app/views/tutorials/broken_auth.html.erb
@@ -5,6 +5,11 @@
 		      <%= render :partial => ("layouts/tutorial/broken_auth_sess/user_pass_enum")%>
 		    </div> <!-- End Span12-->
 		</div>
+		<div class="row-fluid">
+		    <div class="span12">
+		      <%= render :partial => ("layouts/tutorial/broken_auth_sess/password_complexity")%>
+		    </div> <!-- End Span12-->
+		</div>
 	</div>
 </div>