awesome. now we show code snippets in a much better way. Peeps who add to the tutorials will need to enclose code w/ <pre class="ruby></pre>

app/views/layouts/tutorial/broken_auth_sess/_user_pass_enum.html.erb

@@ -1,7 +1,7 @@
 <div class="widget">
     <div class="widget-header">
       <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management (Instance #1)
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management - Username/Pass Enumeration
       </div>
     </div>
     <div class="widget-body">
@@ -17,7 +17,7 @@
           <div class="accordion-body in collapse" id="collapseOne" style="height: auto;">
             <div class="accordion-inner">
               <p>
-Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.
+				Overly verbose error messages that indicate whether or not a user exists can assist an attacker with brute-forcing accounts. In attempting to harvest valid usernames for a password-guessing campaign, these messages can prove very useful.
 			  </p>
             </div>
           </div>
@@ -32,7 +32,28 @@ Application functions related to authentication and session management are often
           </div>
           <div class="accordion-body collapse" id="collapseTwo" style="height: 0px;">
             <div class="accordion-inner">
-              <p><b>Broken Authentication and Session Management</b></p>
+              <p><b>Username and Password Enumeration</b></p>
+			  <p><b>Within /app/models/user.rb:</p><p>
+				
+				
+						<pre class="ruby">
+						def self.authenticate(email, password)
+					       	auth = nil
+					       	user = find_by_email(email)
+					       	# I heard something about hashing, dunno, why bother really. Nobody will get access to my stuff!
+					       	if user
+					       	  if user.password == password
+					       	    auth = user
+					       	  else
+					       	   raise "Incorrect Password!"
+					       	  end 
+					       	else
+					       	   raise "#{email} doesn't exist!"
+					       	end
+					       	return auth
+					   end
+					  </pre>
+			 		
             </div>
           </div>
         </div>
@@ -66,4 +87,4 @@ Application functions related to authentication and session management are often
         </div>
       </div>
     </div>
-  </div>
+  </div>

app/views/tutorials/csrf.html.erb

@@ -37,19 +37,17 @@
 		                  <p><b>Cross-Site Request Forgery (CSRF) - The following code was taken from: /app/controllers/application_controller.rb and /app/views/layouts/application.html.erb</b></p>
 						  <p>application_controller.rb<<p>
 						  <p>
-							<font face="Courier New" style="color: rgb(69, 126, 136)">
-								<%= %{# Our security guy keep talking about sea-surfing, cool story bro.}%>
-								</br><%= %{
-							        # protect_from_forgery
-									} 
-								%>
-							</font>
+						     <pre class="ruby">
+							 # Our security guy keep talking about sea-surfing, cool story bro.
+							 # protect_from_forgery
+							</pre>
+								
 						  </p>
 						  <p> application.html.erb </p>
 						  <p>
-							  <font face="Courier New" style="color: rgb(69, 126, 136)">
-									<%= @meta_code_bad %>
-							  </font>
+							  <pre class="ruby">
+								<%= @meta_code_bad %>
+							  </pre>
 						  </p>
 		                </div>
 		              </div>
@@ -83,9 +81,9 @@
 							 By Default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. The solution around the JS problem is to add the following code within the header section of the application.html.erb file (or any other application layout file).
 						 </p>
 							<p>
-								<font face="Courier New" style="color: rgb(69, 126, 136)">
+								<pre class="ruby">
 									<%= @meta_code_good %>
-								</font>
+								</pre>
 						  </p>
 		                </div>
 		              </div>

app/views/tutorials/xss.html.erb

@@ -36,7 +36,11 @@
 		                <div class="accordion-inner">
 		                  <p><b>Stored Cross-Site Scripting - The following code was taken from app/views/layouts/shared/_header.html.erb</b></p>
 						  <font face="Courier New" style="color: rgb(69, 126, 136)"> 
-							 <p><%= @code %></p>
+							 <p>
+			  					<pre class="ruby">
+								  <%= @code %>
+				 				</pre>
+			                  </p>
 					      </font>
 		                </div>
 		              </div>