Finished V11 HTTP security
author Daan Sprenkels <dsprenkels@gmail.com> Wed, 9 Nov 2016 12:56:41 +0000 (13:56 +0100)
committer Daan Sprenkels <dsprenkels@gmail.com> Wed, 9 Nov 2016 12:58:13 +0000 (13:58 +0100)
report/v11_httpsec.tex
diff --git
a/report/v11_httpsec.tex
b/report/v11_httpsec.tex
index
bf075c6
..
2b86bac
100644
(file)
--- a/
report/v11_httpsec.tex
+++ b/
report/v11_httpsec.tex
@@
-52,29
+52,29
@@
information of system components.
application is installed.
\end{result}
application is installed.
\end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
Verify that all API responses contain X-Content-Type-Options:
nosniff and Content-Disposition:
attachment; filename="api.json" (or other
appropriate filename for the content type).
\begin{result}
Verify that all API responses contain X-Content-Type-Options:
nosniff and Content-Disposition:
attachment; filename="api.json" (or other
appropriate filename for the content type).
\begin{result}
+ The application does not supply the \texttt{X-Content-Type-Options} header.
\end{result}
\end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
Verify that a content security policy (CSPv2) is in
place that helps mitigate common DOM, XSS,
JSON, and JavaScript injection vulnerabilities.
\begin{result}
Verify that a content security policy (CSPv2) is in
place that helps mitigate common DOM, XSS,
JSON, and JavaScript injection vulnerabilities.
\begin{result}
+ There is no content security policy in place.
\end{result}
\end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
Verify that the X-XSS-Protection: 1; mode=block
header is in place to enable browser reflected XSS
filters.
\begin{result}
Verify that the X-XSS-Protection: 1; mode=block
header is in place to enable browser reflected XSS
filters.
\begin{result}
+ The application does not supply the \texttt{X-XSS-Protection} header.
\end{result}
\end{enumerate}
\end{result}
\end{enumerate}
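Review bot: the result added for the first item (`+ The application does not supply the \texttt{X-Content-Type-Options} header.`) answers only half of the requirement it sits under; that item also asks for `Content-Disposition: attachment; filename="api.json"` on all API responses, so the result should state whether that header is present as well, otherwise a reader cannot tell whether the `\fail{}` rests on one missing header or on both. The verdict itself is sound, since a single missing header already fails the check. The results for the CSP and `X-XSS-Protection` items are complete as written, because each of those requirements names a single control.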