From: Mart Lubbers Date: Mon, 10 Oct 2016 17:45:20 +0000 (+0200) Subject: Merge branch 'master' of gitlab.science:mlubbers/ssproject1617 X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=6e5db13cb9fd5b7bb29f9cff186e0d0046affa98;hp=7a6f68e66540b385411554fa48f2c259590b5d7b;p=ssproject1617.git Merge branch 'master' of gitlab.science:mlubbers/ssproject1617 --- diff --git a/report/.gitignore b/report/.gitignore index 7a6dcef..ec22c8a 100644 --- a/report/.gitignore +++ b/report/.gitignore @@ -4,6 +4,7 @@ *.toc *.bbl *.blg +*.out *.mlog *.run.xml *.pdf diff --git a/report/Makefile b/report/Makefile index 9426ffd..9ba9f50 100644 --- a/report/Makefile +++ b/report/Makefile @@ -20,5 +20,5 @@ all: $(DOC).pdf $(LATEX) $(LATEXFLAGS) $< || true clean: - $(RM) $(addprefix $(DOC).,aux log fmt toc bbl blg mlog run.xml pdf)\ + $(RM) $(addprefix $(DOC).,aux log fmt toc bbl blg mlog run.xml pdf out)\ $(DOC)-blx.bib logo.png diff --git a/report/organization.tex b/report/organization.tex new file mode 100644 index 0000000..e69de29 diff --git a/report/preamble.tex b/report/preamble.tex index 6882a00..8bc003b 100644 --- a/report/preamble.tex +++ b/report/preamble.tex @@ -3,11 +3,15 @@ \usepackage{rutitlepage} \usepackage{geometry} \usepackage{hyperref} +\usepackage{enumitem} +\usepackage[dvipsnames]{xcolor} -\hypersetup{% - hidelinks, - pdftitle={OWASP ASVS Souce Code Review Project} -} +\hypersetup{hidelinks, pdftitle={OWASP ASVS Souce Code Review Project}} + +% Als een criterium niet applicable is (we doen alleen 1 en 2) +\newcommand{\notapplicable}[1]{{\color{Gray} #1}} + +\renewcommand\thesubsection{V\arabic{subsection}} \author{% Kelley van Evert\\ diff --git a/report/reflection.tex b/report/reflection.tex new file mode 100644 index 0000000..e69de29 diff --git a/report/report.tex b/report/report.tex index 0197f3c..d44b94c 100644 --- a/report/report.tex +++ b/report/report.tex 
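Review bot: The set of generated extensions now has to be maintained in two places — this `clean` recipe and `report/.gitignore`, both edited in lockstep in this very commit to add `out` — and the next extension will be forgotten in one of them. I would hoist the list into one variable, `BUILD_EXTS := aux log fmt toc bbl blg mlog run.xml pdf out` and `$(RM) $(addprefix $(DOC).,$(BUILD_EXTS)) $(DOC)-blx.bib logo.png`, so the ignore file can at least be checked against it. Whether `clean` is declared in `.PHONY` is outside this hunk; if it is not, a stray file named `clean` in `report/` silently stops the target from running. Separately, the unchanged `$(LATEX) $(LATEXFLAGS) $< || true` line above means a failing LaTeX run still makes `make` exit 0, so a broken report is indistinguishable from a good one to any caller or CI job.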
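Review bot: The re-flowed `\hypersetup` line keeps the typo in the PDF metadata title; `pdftitle={OWASP ASVS Souce Code Review Project}` should read `Source`, and since this is the string PDF viewers and indexers display it is worth fixing while the line is being touched. The comment above `\notapplicable` is in Dutch; an English version that also states the rule it encodes would be `% Marks an ASVS requirement that is out of scope for this review (only levels 1 and 2 are assessed)`. `\notapplicable` conveys the status by colour alone (`\color{Gray}`), which is lost in greyscale printing and to colour-blind readers; a textual marker such as `\newcommand{\notapplicable}[1]{{\color{Gray}[N/A] #1}}` keeps the meaning visible. The usual convention is to load `hyperref` after other packages; loading `enumitem` and `xcolor` below it is worth checking for clash warnings in the build log.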
@@ -2,11 +2,35 @@ \begin{document} \maketitleru[course={Software Security}] \section{Organization} -\subsection{V2. Input Validation} -\input{v5_input.tex} +\input{organization.tex} \section{Verdict} +\addtocounter{subsection}{1} +\subsection{Authentication} + +\subsection{Session Management} + +\subsection{Access Control} + +\subsection{Input Validation} +\input{v5_input.tex} + +\subsection{Output Encoding/Escaping} + +\subsection{Cryptography at rest} + +\subsection{Error Handling \& logging} + +\subsection{Data Protection} + +\addtocounter{subsection}{1} +\subsection{HTTP Security} + +\addtocounter{subsection}{4} +\subsection{Files and Recourses} + \section{Reflection} +\input{reflection.tex} \end{document} diff --git a/report/v5_input.tex b/report/v5_input.tex index 161829c..618c2bf 100644 --- a/report/v5_input.tex +++ b/report/v5_input.tex 
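Review bot: The ASVS chapter numbering rests on manual `\addtocounter{subsection}{…}` offsets that only line up as long as no subsection is inserted, removed or reordered, and nothing in the file says which V-number a heading is meant to carry. A small macro that takes the chapter number explicitly removes the arithmetic: `\newcommand{\asvs}[2]{\setcounter{subsection}{#1}\addtocounter{subsection}{-1}\subsection{#2}}`, used as `\asvs{11}{HTTP Security}` and `\asvs{16}{Files and Resources}`, so the intended number is visible at the call site and survives reordering. `\subsection{Files and Recourses}` is misspelt; the ASVS heading is `Files and Resources`. All verdict subsections except Input Validation are empty in this commit, which is presumably work in progress; a `% TODO` marker in each would make that explicit rather than leaving blank headings in the built PDF.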
@@ -1 +1,30 @@
-Hoi
+\begin{enumerate}[label=5.\arabic*]
+ \item Verify that the runtime environment is not susceptible to buffer
+ overflows, or that security controls prevent buffer overflows.
+
+ % They skip 5.2
+ \addtocounter{enumi}{1}
+ \item Verify that server side input validation failures result in
+ request rejection and are logged.
+
+ % They skip 5.4
+ \addtocounter{enumi}{1}
+ \item Verify that input validation routines are enforced on the server
+ side.
+
+ \item\notapplicable{Verify that a single input validation control is used
+ by the application for each type of data that is accepted.}
+
+ % They skip 5.7-5.9
+ \addtocounter{enumi}{3}
+ \item Verify that all SQL queries, HQL, OSQL, NOSQL and stored
+ procedures, calling of stored procedures are protected by the
+ use of prepared statements or query parameterization, and
+ thus not susceptible to SQL injection.
+
+ \item Verify that the application is not susceptible to LDAP
+ Injection, or that security controls prevent LDAP Injection.
+
+ \item Verify that the application is not susceptible to OS Command
+ Injection, or that security controls prevent OS Command Injection.
+\end{enumerate}
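Review bot: Each `\item` restates the ASVS requirement but records no verdict — whether it is met, where in the reviewed code the evidence is, and what the finding was — which is what the enclosing `Verdict` section is for; a fixed per-item structure, e.g. a `\verdict{pass|fail|n/a}{evidence}` macro or a `Result:`/`Evidence:` pair under every requirement, would make that uniform across all V-chapters. The `% They skip 5.2` comments leave "they" ambiguous; `% The ASVS edition we follow has no 5.2 (gap kept so our numbers match the standard)` says what is meant. The `\addtocounter{enumi}{…}` offsets have the usual fragility of hand-maintained numbering; with `enumitem` already loaded, an explicit `\item[5.3]` label, or `\setcounter{enumi}{2}` directly before the item, keeps the number next to the text it applies to. For the item wrapped in `\notapplicable`, a one-line reason (out-of-scope level, or not applicable to this application) would let a reader check the judgement instead of taking the grey text on trust.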