Browse Source

corrections and adding cipher suites questions

pull/487/head
lee 5 years ago
parent
commit
8c1eb1e15d
  1. 10
      subjects/forum/forum-security.audit.en.md
  2. 2
      subjects/forum/forum-security.en.md

10
subjects/forum/forum-security.audit.en.md

@ -1,20 +1,28 @@
#### Functional
##### Try opening the forum.
###### Does the URL contain HTTPS?
###### Is the project implementing [cipher suites](https://www.iana.org/assignments/tls-parameters/tls-parameters.xml)?
###### Is the Go TLS structure well configured?
###### Is the [server](https://golang.org/pkg/net/http/#Server) timeout reduced (Read, write and IdleTimeout)? (enabling attackers to take their time)
##### Try to access the database.
###### Does the database present a password for protection?
##### Try creating a user. Go to the database using the command `"sqlite3 <database-name>"` and run `"SELECT * FROM <user-table>;"` to select all users.
###### Are the passwords encrypted?
##### Try to login into the forum and open the inspector(CTRL+SHIFT+i) and go to the storage to see the cookies(this can be different depending on the [browser](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/What_are_browser_developer_tools)).
###### Does the session cookie present a unique identifier?
###### Can you configure the certificates information, either via env or config file?
###### Does the project present a way to configure the certificates information, either via .env or config files or other method?
###### Are the allowed packages being respected?

2
subjects/forum/forum-security.en.md

@ -17,8 +17,8 @@ For this project you must take into account the security of your forum.
This project will help you learn about :
- HTTPS
- [Cipher suites](https://www.iana.org/assignments/tls-parameters/tls-parameters.xml)
- Encryption
- Database
- password
- session/cookies
- Universal Unique Identifier (UUID)

Loading…
Cancel
Save