repositories / ssproject1617.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add true skeleton
[ssproject1617.git] / report / v5_input.tex
diff --git a/report/v5_input.tex b/report/v5_input.tex
index 161829c..618c2bf 100644 (file)
--- a/report/v5_input.tex
+++ b/report/v5_input.tex
@@ -1 +1,30 @@
-Hoi
+\begin{enumerate}[label=5.\arabic*]
+       \item Verify that the runtime environment is not susceptible to buffer
+               overflows, or that security controls prevent buffer overflows.
+
+       % They skip 5.2
+       \addtocounter{enumi}{1}
+       \item Verify that server side input validation failures result in 
+               request rejection and are logged.
+
+       % They skip 5.4
+       \addtocounter{enumi}{1}
+       \item Verify that input validation routines are enforced on the server
+               side.
+
+       \item\notapplicable{Verify that a single input validation control is used
+               by the application for each type of data that is accepted.}
+
+       % They skip 5.7-5.9
+       \addtocounter{enumi}{3}
+       \item Verify that all SQL queries, HQL, OSQL, NOSQL and stored 
+               procedures, calling of stored procedures are protected by the 
+               use of prepared statements or query parameterization, and 
+               thus not susceptible to SQL injection.
+
+       \item Verify that the application is not susceptible to LDAP
+               Injection, or that security controls prevent LDAP Injection.
+
+       \item Verify that the application is not susceptible to OS Command
+               Injection, or that security controls prevent OS Command Injection.
+\end{enumerate}