X-Git-Url: https://git.martlubbers.net/?a=blobdiff_plain;f=report%2Fv11_httpsec.tex;h=18400595d66acbbe2ec05227cf21ac40fe830dc0;hb=01e7fcf06543fc2b9b7e07feaab712754e3e0c2b;hp=bf075c6eb51f452f32fc381c191a626ce1944d74;hpb=25df7fe04a2582de5f4c5017b143a4c3e2276338;p=ssproject1617.git
diff --git a/report/v11_httpsec.tex b/report/v11_httpsec.tex
index bf075c6..1840059 100644
--- a/report/v11_httpsec.tex
+++ b/report/v11_httpsec.tex
@@ -1,5 +1,5 @@
-\begin{enumerate}[label={11.\arabic*}]
+\begin{enumerate}[label={V11.\arabic*}]
 \item\fail{}
 Verify that the application accepts only a defined
@@ -52,29 +52,29 @@ information of system components.
 application is installed.
 \end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
 Verify that all API responses contain X-Content-Type-Options: nosniff and Content-Disposition: attachment; filename="api.json" (or other appropriate filename for the content type).
 \begin{result}
+ The application does not supply the \texttt{X-Content-Type-Options} header.
 \end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
 Verify that a content security policy (CSPv2) is in place that helps mitigate common DOM, XSS, JSON, and JavaScript injection vulnerabilities.
 \begin{result}
+ There is no content security policy in place.
 \end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
 Verify that the X-XSS-Protection: 1; mode=block header is in place to enable browser reflected XSS filters.
 \begin{result}
+ The application does not supply the \texttt{X-XSS-Protection} header.
 \end{result}
 \end{enumerate}
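Review bot: The new result for the first item in the second hunk only addresses half of the requirement it fails: the requirement asks for both `X-Content-Type-Options: nosniff` and `Content-Disposition: attachment; filename=...` on API responses, but the added sentence only records the missing `X-Content-Type-Options` header, so a reader cannot tell whether `Content-Disposition` was checked. If it was checked and is also absent, the result should say so, e.g. `The application does not supply the \texttt{X-Content-Type-Options} header, nor does it set \texttt{Content-Disposition: attachment} on API responses.`; if it was not checked, the result should state that explicitly rather than leave it implied. Presumably the two missing-header findings share a root cause (no security headers are set at all), which would be worth a one-line remark so the reader does not treat them as independent defects. For the X-XSS-Protection item, a short caveat that this header is a legacy browser filter and not a substitute for the CSP finding above it would keep the two results from being read as equivalent in weight.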