From: Daan Sprenkels Date: Wed, 16 Nov 2016 11:16:40 +0000 (+0100) Subject: Merge branch 'master' of gitlab.science.ru.nl:mlubbers/ssproject1617 X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=076d55f5ef92dca4c39a88ea191c15620bb8cd9e;p=ssproject1617.git Merge branch 'master' of gitlab.science.ru.nl:mlubbers/ssproject1617 --- 076d55f5ef92dca4c39a88ea191c15620bb8cd9e diff --cc report/preamble.tex index 0869d91,0e1a1ce..03b12fd --- a/report/preamble.tex +++ b/report/preamble.tex @@@ -36,16 -36,37 +36,37 @@@ ]{result} % Tools afkortingen + \newcommand{\API}{\emph{API}} + \newcommand{\CMS}{\emph{CMS}} + \newcommand{\CSRF}{\emph{CSRF}} + \newcommand{\DELETE}{\emph{DELETE}} + \newcommand{\DOM}{\emph{DOM}} + \newcommand{\GET}{\emph{GET}} + \newcommand{\GUID}{\emph{GUID}} + \newcommand{\HTMLF}{\textsc{HTML5}} + \newcommand{\HTML}{\textsc{HTML}} + \newcommand{\HTTPS}{\textsc{HTTPS}} + \newcommand{\HTTP}{\textsc{HTTP}} + \newcommand{\JQuery}{\textsc{JQuery}} + \newcommand{\JSON}{\textsc{JSON}} + \newcommand{\LDAP}{\textsc{LDAP}} \newcommand{\PHP}{\textsc{PHP}} + \newcommand{\PII}{\emph{PII}} + \newcommand{\POST}{\emph{POST}} + \newcommand{\PUT}{\emph{PUT}} + \newcommand{\REST}{\emph{REST}} + \newcommand{\RSS}{\emph{RSS}} + \newcommand{\SMTP}{\emph{SMTP}} \newcommand{\SQL}{\textsc{SQL}} - \newcommand{\LDAP}{\textsc{LDAP}} + \newcommand{\SSO}{\emph{SSO}} + \newcommand{\TOTP}{\emph{TOTP}} + \newcommand{\TRACE}{\emph{TRACE}} \newcommand{\XML}{\textsc{XML}} - \newcommand{\HTML}{\textsc{HTML}} - \newcommand{\JSON}{\textsc{JSON}} - \newcommand{\JQuery}{\textsc{JQuery}} + \newcommand{\XSS}{\emph{XSS}} + % Reference naar de source -\newcommand{\srcref}[2]{{\small\texttt{#1}} (line (s) #2)} +\newcommand{\srcref}[2]{{\small\texttt{#1}} (line(s) #2)} % Pass en fail \newcommand{\pass}{{\large\ding{51}}} diff --cc report/v11_httpsec.tex index 44da93b,4fb8da8..186dccb --- a/report/v11_httpsec.tex +++ b/report/v11_httpsec.tex @@@ -35,10 -35,9 +35,10 @@@ Verify that a suitable 
X-FRAME-OPTIONS in use for sites where content should not be viewed in a 3rd-party X-Frame. \begin{result} - The application will never supply an \texttt{X-FRAME-OPTIONS} header. While + The application will never supply an \code{X-FRAME-OPTIONS} header. While this is not really a problem for the home page, a 3rd party X-Frame should - not be able to refer to the administrative interfaces of the application. + not be able to refer to the administrative interfaces of the application + and this should be fixed. \end{result} \item\pass{} diff --cc report/v7_cryptography.tex index 2d83ce2,da88237..4d32911 --- a/report/v7_cryptography.tex +++ b/report/v7_cryptography.tex @@@ -22,10 -22,11 +22,10 @@@ } \item - \TODO{} Verify that cryptographic algorithms used by the application have been - validated against FIPS 140-2 or an equivalent standard. + validated against FIPS 140{-}2 or an equivalent standard. \begin{result} - The application uses md-5 for password hashing, which should be insecure by + The application uses MD5 for password hashing, which should be insecure by now. \end{result}
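Review bot: the abbreviation macros in the preamble.tex hunk mix two conventions without a stated rule: protocol and format names (\HTML, \HTTP, \JSON, \LDAP, \SQL, \XML) get \textsc, while the newly added ones (\API, \CSRF, \XSS, \SSO, \TOTP, the HTTP methods) get \emph, so the same kind of term is typeset two different ways in the report. Pick one and apply it to the whole list. Also, none of these macros end in \xspace, so `\PHP is` typesets as "PHPis" unless every use is written `\PHP{} is`; loading the xspace package and defining e.g. `\newcommand{\PHP}{\textsc{PHP}\xspace}` avoids that class of typo. The `(line (s) #2)` to `(line(s) #2)` fix in \srcref is correct.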
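Review bot: the v11_httpsec.tex hunk switches the header from \texttt to \code, but \code is not among the macros defined in the preamble hunk in this merge; confirm it is defined elsewhere (or by a loaded package) or the document will fail to compile. The header is conventionally written X-Frame-Options rather than all caps. The added sentence "and this should be fixed" would carry more weight if the result named the remedy, i.e. sending `X-Frame-Options: DENY` (or SAMEORIGIN) on the administrative pages.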
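Review bot: the v7_cryptography.tex hunk drops the \TODO{} marker, but the result still reads "should be insecure by now", which is hedged for a finding against a FIPS 140-2 verification item. State it plainly: MD5 is not an approved algorithm under FIPS 140-2, and a fast general-purpose digest is unsuitable for password storage regardless of the standard; a dedicated password hashing function (bcrypt, scrypt, PBKDF2 or Argon2) should be recommended in the result. On the `140{-}2` change: if the intent is to stop "140-2" from breaking across a line, a brace group does not prevent TeX from breaking after the hyphen; use `\mbox{140-2}` or amsmath's `\nobreakdash-` instead.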