From: Daan Sprenkels <dsprenkels@gmail.com>
Date: Wed, 9 Nov 2016 12:56:41 +0000 (+0100)
Subject: Finished V11 HTTP security
X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=def34a25c64324b54c947a676fb16c87bdbfc4fe;p=ssproject1617.git

Finished V11 HTTP security
---

diff --git a/report/v11_httpsec.tex b/report/v11_httpsec.tex
index bf075c6..2b86bac 100644
--- a/report/v11_httpsec.tex
+++ b/report/v11_httpsec.tex
@@ -52,29 +52,29 @@ information of system components.
     application is installed.
 \end{result}
 
-\item\pass{}
-\TODO \\
+\item\fail{}
 Verify that all API responses contain X-Content-Type-Options:
 nosniff and Content-Disposition:
 attachment; filename="api.json" (or other
 appropriate filename for the content type).
 \begin{result}
+    The application does not supply the \texttt{X-Content-Type-Options} header.
 \end{result}
 
-\item\pass{}
-\TODO \\
+\item\fail{}
 Verify that a content security policy (CSPv2) is in
 place that helps mitigate common DOM, XSS,
 JSON, and JavaScript injection vulnerabilities.
 \begin{result}
+    There is no content security policy in place.
 \end{result}
 
-\item\pass{}
-\TODO \\
+\item\fail{}
 Verify that the X-XSS-Protection: 1; mode=block
 header is in place to enable browser reflected XSS
 filters.
 \begin{result}
+    The application does not supply the \texttt{X-XSS-Protection} header.
 \end{result}
 
 \end{enumerate}
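Review bot: the \begin{result} for the X-Content-Type-Options item only records the missing nosniff header, while the requirement it answers also covers `Content-Disposition: attachment; filename="api.json"`; the result should state whether that second header was observed on API responses too, so the \fail{} verdict is fully justified by the text (for example `The application supplies neither the \texttt{X-Content-Type-Options} nor the \texttt{Content-Disposition} header on API responses.`, if that is what was found). The other two results name the missing mechanism explicitly, so this one is the only item where the reader cannot tell which half of the check failed.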