]{result}
% Tools afkortingen
+ \newcommand{\API}{\emph{API}}
+ \newcommand{\CMS}{\emph{CMS}}
+ \newcommand{\CSRF}{\emph{CSRF}}
+ \newcommand{\DELETE}{\emph{DELETE}}
+ \newcommand{\DOM}{\emph{DOM}}
+ \newcommand{\GET}{\emph{GET}}
+ \newcommand{\GUID}{\emph{GUID}}
+ \newcommand{\HTMLF}{\textsc{HTML5}}
+ \newcommand{\HTML}{\textsc{HTML}}
+ \newcommand{\HTTPS}{\textsc{HTTPS}}
+ \newcommand{\HTTP}{\textsc{HTTP}}
+ \newcommand{\JQuery}{\textsc{JQuery}}
+ \newcommand{\JSON}{\textsc{JSON}}
+ \newcommand{\LDAP}{\textsc{LDAP}}
\newcommand{\PHP}{\textsc{PHP}}
+ \newcommand{\PII}{\emph{PII}}
+ \newcommand{\POST}{\emph{POST}}
+ \newcommand{\PUT}{\emph{PUT}}
+ \newcommand{\REST}{\emph{REST}}
+ \newcommand{\RSS}{\emph{RSS}}
+ \newcommand{\SMTP}{\emph{SMTP}}
\newcommand{\SQL}{\textsc{SQL}}
- \newcommand{\LDAP}{\textsc{LDAP}}
+ \newcommand{\SSO}{\emph{SSO}}
+ \newcommand{\TOTP}{\emph{TOTP}}
+ \newcommand{\TRACE}{\emph{TRACE}}
\newcommand{\XML}{\textsc{XML}}
- \newcommand{\HTML}{\textsc{HTML}}
- \newcommand{\JSON}{\textsc{JSON}}
- \newcommand{\JQuery}{\textsc{JQuery}}
+ \newcommand{\XSS}{\emph{XSS}}
+
% Reference naar de source
-\newcommand{\srcref}[2]{{\small\texttt{#1}} (line (s) #2)}
+\newcommand{\srcref}[2]{{\small\texttt{#1}} (line(s) #2)}
% Pass en fail
\newcommand{\pass}{{\large\ding{51}}}
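Review bot: The added abbreviation macros mix two styles with no stated rule: \API, \CSRF, \XSS, \GET and \POST use \emph while \HTML, \HTTP, \JSON and \LDAP use \textsc, so \HTTP and \GET will be set differently within the same sentence. Pick one style per category (for example protocols and formats in one, request methods in another) and record the rule in the comment above the block. Note also that \textsc only changes lowercase letters, so an all-capitals argument such as \textsc{HTML5} renders as ordinary capitals; use a lowercase argument if small caps are intended. The \srcref change to "line(s)" is fine.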
in use for sites where content should not be
viewed in a 3rd-party X-Frame.
\begin{result}
- The application will never supply an \texttt{X-FRAME-OPTIONS} header. While
+ The application will never supply an \code{X-FRAME-OPTIONS} header. While
this is not really a problem for the home page, a 3rd party X-Frame should
- not be able to refer to the administrative interfaces of the application.
+ not be able to refer to the administrative interfaces of the application
+ and this should be fixed.
\end{result}
\item\pass{}
}
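Review bot: The added sentence "and this should be fixed" in the result text does not say what the fix is. State the expected header and value for the administrative interfaces, for example \code{X-Frame-Options: DENY} or \code{X-Frame-Options: SAMEORIGIN}, so the finding is actionable. The phrase "3rd party X-Frame" conflates the header name with the page doing the framing; "third-party frame" would be clearer. \code is not among the macros defined in the preamble lines shown in this patch, so confirm it is defined elsewhere before merging.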
\item
- \TODO{}
Verify that cryptographic algorithms used by the application have been
- validated against FIPS 140-2 or an equivalent standard.
+ validated against FIPS 140{-}2 or an equivalent standard.
\begin{result}
- The application uses md-5 for password hashing, which should be insecure by
+ The application uses MD5 for password hashing, which should be insecure by
now.
\end{result}
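Review bot: The result text "which should be insecure by now" hedges a finding that should be stated outright: MD5 is not a FIPS-approved hash function, so the application fails this check as written. Say so directly and recommend a dedicated password hashing scheme (for example PBKDF2, bcrypt or Argon2) with a per-user salt. The hunk also removes \TODO{} from the \item without adding a verdict marker, unlike the \item\pass{} entry above; add the fail counterpart of \pass so the item does not read as unevaluated.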