Merge branch 'master' of https://gitlab.science.ru.nl/mlubbers/ssproject1617

diff --git a/report/report.tex b/report/report.tex
index a131312..63f0c6d 100644 (file)
--- a/report/report.tex
+++ b/report/report.tex
@@ -51,10 +51,6 @@
   \subsection{\HTTP{} Security}
   \input{v11_httpsec.tex}
 
-  \addtocounter{subsection}{4}
-  \subsection{Files and Recourses}
-  TODO
-
   \renewcommand\thesubsection{\arabic{section}.\arabic{subsection}}
 
 

diff --git a/report/v11_httpsec.tex b/report/v11_httpsec.tex
index 186dccb..1b0cc4f 100644 (file)
--- a/report/v11_httpsec.tex
+++ b/report/v11_httpsec.tex
@@ -18,7 +18,7 @@ Verify that every \HTTP{} response contains a
 content type header specifying a safe character set
 (e.g., \emph{UTF-8}, \emph{ISO 8859{-}1}).
 \begin{result}
-    Content type headers may be set anywhere in the application. Furthermure,
+    Content type headers may be set anywhere in the application. Furthermure,\\
     \code{Response::send} ensures that if no content type header is set, all
     responses will fall back to using \code{text/html; charset=UTF-8}.
 \end{result}

diff --git a/report/v2_authentication.tex b/report/v2_authentication.tex
index ea7cbe5..69d1d00 100644 (file)
--- a/report/v2_authentication.tex
+++ b/report/v2_authentication.tex
@@ -221,8 +221,8 @@ stored in a protected location.
 
     However, the installation instructions state the following:
     \begin{verbatim}
-Change the file permissions to allow all users write access to the folder
-you extracted testcms to.
+Change the file permissions to allow all users write access to the
+folder you extracted testcms to.
     \end{verbatim}
     This implies making the configuration file readable for all users on the
     system. This information should not be accessible for any user other than

diff --git a/report/v7_cryptography.tex b/report/v7_cryptography.tex
index 4d32911..b7bef87 100644 (file)
--- a/report/v7_cryptography.tex
+++ b/report/v7_cryptography.tex
@@ -22,11 +22,12 @@
   }
 
     \item
+    \fail{}
     Verify that cryptographic algorithms used by the application have been
     validated against FIPS 140{-}2 or an equivalent standard.
     \begin{result}
-    The application uses MD5 for password hashing, which should be insecure by
-      now.
+    The application uses MD5 for password hashing, which is insecure by current
+    standards
     \end{result}
 
   \notapplicable{

diff --git a/report/v8_error.tex b/report/v8_error.tex
index 200fd44..3559c50 100644 (file)
--- a/report/v8_error.tex
+++ b/report/v8_error.tex
@@ -27,7 +27,7 @@
 
                \begin{result}
                Failed login attempts or password resets are not logged at all.
-               Only actual crashes/unrecoverable errors are logged.
+               Only actual crashes or unrecoverable errors are logged.
                Failed/unauthorized installation attempts won't get logged either.
                \end{result}
 

diff --git a/report/v9_data.tex b/report/v9_data.tex
index d43c21e..0e4e2f5 100644 (file)
--- a/report/v9_data.tex
+++ b/report/v9_data.tex
@@ -71,7 +71,7 @@
                        Vacuously: data is not stored on the client side.
                \end{result}
 
-       \item\pass{} Verify accessing sensitive data is logged, if the data is
+       \item\fail{} Verify accessing sensitive data is logged, if the data is
                collected under relevant data protection directives or
                where logging of accesses is required.
 
@@ -84,7 +84,7 @@
                to mitigate memory dumping attacks.
 
                \begin{result}
-                       I consider this outside of the scope of the \CMS{}'s security requirements, as it is written in, and thus relies on the (memory) security of, \PHP{}.
+                       We consider this outside of the scope of the \CMS{}'s security requirements, as it is written in, and thus relies on the (memory) security of, \PHP{}.
                \end{result}
 
 \end{enumerate}