From eb2c14b2094c29b2ec09532a294f04c86866d0bf Mon Sep 17 00:00:00 2001
From: pwned-17 <shaikajmal.r2000@hotmail.com>
Date: Thu, 6 May 2021 21:24:06 +0530
Subject: [PATCH 1/2] A10 : Writeup

---
 .../introduction/templates/Lab/A10/a10.html   | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/pygoat/introduction/templates/Lab/A10/a10.html b/pygoat/introduction/templates/Lab/A10/a10.html
index 7e75051ee..661a6dbed 100644
--- a/pygoat/introduction/templates/Lab/A10/a10.html
+++ b/pygoat/introduction/templates/Lab/A10/a10.html
@@ -13,6 +13,18 @@ <h4>What does Insufficient Logging & Monitoring means?</h4>
     <button class="coll btn btn-info">Lab Details</button>
     <div class="lab">
       <p class="bp">
+          This lab helps you to get an idea of how sometimes improper logging can result in information disclosure.
+
+          The user on accessing the lab is given with a login page which says the log have been leaked.
+          The user needs to find the leak and try to gain the credentials that have been leaked in the logs.
+
+          <b>Finding the Log</b>
+          <ul>
+             <li>The log has been exposed in <code>/debug</code> route </li>
+            <li>This can be found out with subdomain brute-forcing or just by guess</li>
+            <li>On seeing the Log try to get the required login details as there is a leak and the logging is improperly handled.</li>
+
+          </ul>
         
       </p>
       <br>
@@ -22,10 +34,10 @@ <h4>What does Insufficient Logging & Monitoring means?</h4>
     <h4>Mitigation</h4>
     <p class="bp">
       <ul>
-        <li></li>
-        <li></li>
-        <li></li>
-        <li></li>
+        <li>Ensure that logs are created in a format that can be easily used by central log management tools.</li>
+        <li>High-value transactions should have an audit trail with integrity controls to prevent manipulation or deletion.</li>
+        <li>Effective monitoring and alerting should be established so that suspicious activities can be detected and responded to in a timely manner.</li>
+        <li>Make sure that there arent any sensitive information like passwords are being logged</li>
       </ul>
     </p>
   </div>

From 402f7161bb993fe1890ea54b00c784624987cbf5 Mon Sep 17 00:00:00 2001
From: pwned-17 <shaikajmal.r2000@hotmail.com>
Date: Thu, 6 May 2021 21:24:51 +0530
Subject: [PATCH 2/2] A10 : Minor changes

---
 pygoat/introduction/templates/Lab/A10/a10.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pygoat/introduction/templates/Lab/A10/a10.html b/pygoat/introduction/templates/Lab/A10/a10.html
index 661a6dbed..2426ebce5 100644
--- a/pygoat/introduction/templates/Lab/A10/a10.html
+++ b/pygoat/introduction/templates/Lab/A10/a10.html
@@ -18,7 +18,7 @@ <h4>What does Insufficient Logging & Monitoring means?</h4>
           The user on accessing the lab is given with a login page which says the log have been leaked.
           The user needs to find the leak and try to gain the credentials that have been leaked in the logs.
 
-          <b>Finding the Log</b>
+          <br><b>Finding the Log</b>
           <ul>
              <li>The log has been exposed in <code>/debug</code> route </li>
             <li>This can be found out with subdomain brute-forcing or just by guess</li>
@@ -31,7 +31,7 @@ <h4>What does Insufficient Logging & Monitoring means?</h4>
       <div align="right"> <button class="btn btn-primary" type="button" onclick="window.location.href='/a10_lab'">Access Lab</button></div>
     </div>
   <div>
-    <h4>Mitigation</h4>
+    <br><h4>Mitigation</h4>
     <p class="bp">
       <ul>
         <li>Ensure that logs are created in a format that can be easily used by central log management tools.</li>