From 8c1eb1e15ddfaf6e36ba70c094674a7e0042e607 Mon Sep 17 00:00:00 2001 From: lee Date: Thu, 5 Mar 2020 22:38:20 +0000 Subject: [PATCH] corrections and adding cipher suites questions --- subjects/forum/forum-security.audit.en.md | 10 +++++++++- subjects/forum/forum-security.en.md | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/subjects/forum/forum-security.audit.en.md b/subjects/forum/forum-security.audit.en.md index c4f7922c..bd1639c4 100644 --- a/subjects/forum/forum-security.audit.en.md +++ b/subjects/forum/forum-security.audit.en.md @@ -1,20 +1,28 @@ #### Functional ##### Try opening the forum. + ###### Does the URL contain HTTPS? +###### Is the project implementing [cipher suites](https://www.iana.org/assignments/tls-parameters/tls-parameters.xml)? + ###### Is the Go TLS structure well configured? +###### Is the [server](https://golang.org/pkg/net/http/#Server) timeout reduced (Read, write and IdleTimeout)? (enabling attackers to take their time) + ##### Try to access the database. + ###### Does the database present a password for protection? ##### Try creating a user. Go to the database using the command `"sqlite3 "` and run `"SELECT * FROM ;"` to select all users. + ###### Are the passwords encrypted? ##### Try to login into the forum and open the inspector(CTRL+SHIFT+i) and go to the storage to see the cookies(this can be different depending on the [browser](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/What_are_browser_developer_tools)). + ###### Does the session cookie present a unique identifier? -###### Can you configure the certificates information, either via env or config file? +###### Does the project present a way to configure the certificates information, either via .env or config files or other method? ###### Are the allowed packages being respected? diff --git a/subjects/forum/forum-security.en.md b/subjects/forum/forum-security.en.md index a03a346b..b6fc8487 100644 --- a/subjects/forum/forum-security.en.md 
+++ b/subjects/forum/forum-security.en.md @@ -17,8 +17,8 @@ For this project you must take into account the security of your forum. This project will help you learn about : - HTTPS +- [Cipher suites](https://www.iana.org/assignments/tls-parameters/tls-parameters.xml) - Encryption - - Database - password - session/cookies - Universal Unique Identifier (UUID)
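Review bot: the parenthetical on the new timeout question in forum-security.audit.en.md reads backwards: leaving the net/http Server timeouts at their zero default (no limit) is what lets a slow client hold a connection open, while setting ReadTimeout, WriteTimeout and IdleTimeout is the mitigation, so "reduced" plus "(enabling attackers to take their time)" will confuse the auditor. Suggest rewording to `###### Are the server timeouts (ReadTimeout, WriteTimeout, IdleTimeout) set, so that slow or idle clients cannot hold connections open indefinitely?`. The other new question, "Is the project implementing cipher suites?", cannot be answered "no" for any TLS server, since every handshake negotiates one; the point to audit is whether the tls.Config restricts negotiation to a secure set (CipherSuites and MinVersion), so ask that instead. While this file is being touched, the unchanged context line "Are the passwords encrypted?" is also worth fixing in a follow-up: stored passwords should be hashed with a slow password hash (bcrypt, argon2), not encrypted.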
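Review bot: the new "Cipher suites" item in forum-security.en.md links to the full IANA registry, which lists every registered suite including obsolete and insecure ones, so a learner following it has no way to tell which suites are acceptable; consider pairing it with a curated reference (for example Go's tls.CipherSuites() and tls.InsecureCipherSuites() split) so the learning item matches what the audit file will check. Also, the hunk header @@ -17,8 +17,8 @@ and the diffstat show one deletion in this file, and the deleted line appears to be `- Database`; if dropping that bullet from the learning list is intentional it should be mentioned in the commit message, since the audit file still asks about database protection.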