*.toc
*.bbl
*.blg
+*.out
*.mlog
*.run.xml
*.pdf
convert -density 300 $< -resize x1000 $@
clean:
- $(RM) $(addprefix $(DOC).,aux log fmt toc bbl blg mlog run.xml pdf)\
+ $(RM) $(addprefix $(DOC).,aux log fmt toc bbl blg mlog run.xml pdf out)\
$(DOC)-blx.bib logo.png
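Review bot: `clean` is not declared phony anywhere in this hunk; if no `.PHONY: clean` exists elsewhere in the Makefile, a stray file named `clean` would make the target look up to date and the recipe would never run, so add `.PHONY: clean` beside the rule. The extension list inside `$(addprefix $(DOC).,…)` also mirrors the `.gitignore` patterns and the two must be kept in step by hand (this commit adds `out` to both); naming it once, `AUX_EXTS := aux log fmt toc bbl blg mlog run.xml pdf out`, and writing `$(RM) $(addprefix $(DOC).,$(AUX_EXTS))` keeps at least the Makefile side in one place. The rule's continuation line may extend past the hunk.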
\usepackage{rutitlepage}
\usepackage{geometry}
\usepackage{hyperref}
+\usepackage{enumitem}
+\usepackage[dvipsnames]{xcolor}
-\hypersetup{%
- hidelinks,
- pdftitle={OWASP ASVS Souce Code Review Project}
-}
+\hypersetup{hidelinks, pdftitle={OWASP ASVS Souce Code Review Project}}
+
+% Als een criterium niet applicable is (we doen alleen 1 en 2)
+\newcommand{\notapplicable}[1]{{\color{Gray} #1}}
+
+\renewcommand\thesubsection{V\arabic{subsection}}
\author{%
Kelley van Evert\\
\begin{document}
\maketitleru[course={Software Security}]
\section{Organization}
-\subsection{V2. Input Validation}
-\input{v5_input.tex}
+\input{organization.tex}
\section{Verdict}
+\addtocounter{subsection}{1}
+\subsection{Authentication}
+
+\subsection{Session Management}
+
+\subsection{Access Control}
+
+\subsection{Input Validation}
+\input{v5_input.tex}
+
+\subsection{Output Encoding/Escaping}
+
+\subsection{Cryptography at rest}
+
+\subsection{Error Handling \& logging}
+
+\subsection{Data Protection}
+
+\addtocounter{subsection}{1}
+\subsection{HTTP Security}
+
+\addtocounter{subsection}{4}
+\subsection{Files and Recourses}
+
\section{Reflection}
+\input{reflection.tex}
\end{document}
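Review bot: `\subsection{Files and Recourses}` misspells the ASVS chapter title; it should read `\subsection{Files and Resources}`. The rewritten `\hypersetup` line in the first hunk carries over the existing typo in the PDF metadata, `pdftitle={OWASP ASVS Souce Code Review Project}`, which should become `Source`. The comment above `\notapplicable` is in Dutch; an English equivalent, `% Greys out a criterion that is not applicable (we only do 1 and 2)`, keeps the preamble readable for other reviewers. The `\addtocounter{subsection}{…}` steps that skip chapter numbers are unexplained; a one-line comment at each naming the skipped V-numbers, as v5_input.tex already does per item, would make the resulting numbering easy to verify.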
-Hoi
+\begin{enumerate}[label=5.\arabic*]
+ \item Verify that the runtime environment is not susceptible to buffer
+ overflows, or that security controls prevent buffer overflows.
+
+ % They skip 5.2
+ \addtocounter{enumi}{1}
+ \item Verify that server side input validation failures result in
+ request rejection and are logged.
+
+ % They skip 5.4
+ \addtocounter{enumi}{1}
+ \item Verify that input validation routines are enforced on the server
+ side.
+
+ \item\notapplicable{Verify that a single input validation control is used
+ by the application for each type of data that is accepted.}
+
+ % They skip 5.7-5.9
+ \addtocounter{enumi}{3}
+ \item Verify that all SQL queries, HQL, OSQL, NOSQL and stored
+ procedures, calling of stored procedures are protected by the
+ use of prepared statements or query parameterization, and
+ thus not susceptible to SQL injection.
+
+ \item Verify that the application is not susceptible to LDAP
+ Injection, or that security controls prevent LDAP Injection.
+
+ \item Verify that the application is not susceptible to OS Command
+ Injection, or that security controls prevent OS Command Injection.
+\end{enumerate}
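Review bot: `label=5.\arabic*` hard-codes the chapter prefix even though main.tex drives the V-numbering from the subsection counter, so the two can drift if a subsection is added or removed; `\begin{enumerate}[label=\arabic{subsection}.\arabic*]` derives the prefix from the same counter, which by the `\addtocounter` and `\subsection` sequence in main.tex should stand at 5 when this file is `\input` — worth confirming in the built PDF. The `\addtocounter{enumi}{n}` skips depend on the comments beside them staying accurate; as written they yield items 5.1, 5.3, 5.5, 5.6 and 5.10–5.12, so any later reordering of the items must update the skip counts too.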