From 5675de2255bdfceb293ed7418a0478bc0af7cd75 Mon Sep 17 00:00:00 2001
From: Mart Lubbers
Date: Mon, 10 Oct 2016 19:45:17 +0200
Subject: [PATCH 1/1] Add true skeleton
---
 report/.gitignore | 1 +
 report/Makefile | 2 +-
 report/organization.tex | 0
 report/preamble.tex | 12 ++++++++----
 report/reflection.tex | 0
 report/report.tex | 28 ++++++++++++++++++++++++++--
 report/v5_input.tex | 31 ++++++++++++++++++++++++++++++-
 7 files changed, 66 insertions(+), 8 deletions(-)
 create mode 100644 report/organization.tex
 create mode 100644 report/reflection.tex
diff --git a/report/.gitignore b/report/.gitignore
index b4b1e45..30d00fd 100644
--- a/report/.gitignore
+++ b/report/.gitignore
@@ -4,6 +4,7 @@
 *.toc
 *.bbl
 *.blg
+*.out
 *.mlog
 *.run.xml
 *.pdf
diff --git a/report/Makefile b/report/Makefile
index 20d0aa5..a4ec3a0 100644
--- a/report/Makefile
+++ b/report/Makefile
@@ -24,5 +24,5 @@ all: $(DOC).pdf
 	convert -density 300 $< -resize x1000 $@
 clean:
-	$(RM) $(addprefix $(DOC).,aux log fmt toc bbl blg mlog run.xml pdf)\
+	$(RM) $(addprefix $(DOC).,aux log fmt toc bbl blg mlog run.xml pdf out)\
 	$(DOC)-blx.bib logo.png
diff --git a/report/organization.tex b/report/organization.tex
new file mode 100644
index 0000000..e69de29
diff --git a/report/preamble.tex b/report/preamble.tex
index 6882a00..8bc003b 100644
--- a/report/preamble.tex
+++ b/report/preamble.tex
@@ -3,11 +3,15 @@
 \usepackage{rutitlepage}
 \usepackage{geometry}
 \usepackage{hyperref}
+\usepackage{enumitem}
+\usepackage[dvipsnames]{xcolor}
-\hypersetup{%
- hidelinks,
- pdftitle={OWASP ASVS Souce Code Review Project}
-}
+\hypersetup{hidelinks, pdftitle={OWASP ASVS Souce Code Review Project}}
+
+% Als een criterium niet applicable is (we doen alleen 1 en 2)
+\newcommand{\notapplicable}[1]{{\color{Gray} #1}}
+
+\renewcommand\thesubsection{V\arabic{subsection}}
 \author{%
 Kelley van Evert\\
diff --git a/report/reflection.tex b/report/reflection.tex
new file mode 100644
index 0000000..e69de29
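Review bot: The new one-line `\hypersetup` carries over the typo in the PDF title; `pdftitle={OWASP ASVS Souce Code Review Project}` should read `pdftitle={OWASP ASVS Source Code Review Project}`, and since this string lands in the PDF metadata it is visible to anyone inspecting the document properties. The comment above `\notapplicable` is in Dutch; an English version such as `% Marks a criterion that is not applicable (only levels 1 and 2 are assessed)` would help other readers, with the "levels 1 and 2" reading being my inference from the Dutch and worth confirming. `\notapplicable` expresses its meaning through colour alone, so a monochrome print or a screen reader loses the distinction; a textual marker next to the grey text (for instance a trailing `(n/a)`) would make it robust. The hunk ends inside the `\author{%` block, which continues outside it.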
diff --git a/report/report.tex b/report/report.tex
index 0197f3c..d44b94c 100644
--- a/report/report.tex
+++ b/report/report.tex
@@ -2,11 +2,35 @@
 \begin{document}
 \maketitleru[course={Software Security}]
 \section{Organization}
-\subsection{V2. Input Validation}
-\input{v5_input.tex}
+\input{organization.tex}
 \section{Verdict}
+\addtocounter{subsection}{1}
+\subsection{Authentication}
+
+\subsection{Session Management}
+
+\subsection{Access Control}
+
+\subsection{Input Validation}
+\input{v5_input.tex}
+
+\subsection{Output Encoding/Escaping}
+
+\subsection{Cryptography at rest}
+
+\subsection{Error Handling \& logging}
+
+\subsection{Data Protection}
+
+\addtocounter{subsection}{1}
+\subsection{HTTP Security}
+
+\addtocounter{subsection}{4}
+\subsection{Files and Recourses}
+
 \section{Reflection}
+\input{reflection.tex}
 \end{document}
diff --git a/report/v5_input.tex b/report/v5_input.tex
index 161829c..618c2bf 100644
--- a/report/v5_input.tex
+++ b/report/v5_input.tex
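Review bot: `\subsection{Files and Recourses}` misspells the ASVS chapter name and should be `\subsection{Files and Resources}`. The three `\addtocounter{subsection}{…}` jumps encode which ASVS chapters are left out of the verdict, but nothing says so; a comment at each jump, such as `% V1 is not assessed`, `% V10 is not assessed` and `% V12--V15 are not assessed`, would let the next editor check that the numbers produced by `\thesubsection` still line up with the standard's chapter list. That the jumps correspond to those chapters is my inference from the surrounding headings and should be confirmed against the ASVS version being assessed. A one-line statement in the Verdict section explaining why the skipped chapters are out of scope would also stop a reader from mistaking the numbering gaps for an omission.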
@@ -1 +1,30 @@
-Hoi
+\begin{enumerate}[label=5.\arabic*]
+ \item Verify that the runtime environment is not susceptible to buffer
+ overflows, or that security controls prevent buffer overflows.
+
+ % They skip 5.2
+ \addtocounter{enumi}{1}
+ \item Verify that server side input validation failures result in
+ request rejection and are logged.
+
+ % They skip 5.4
+ \addtocounter{enumi}{1}
+ \item Verify that input validation routines are enforced on the server
+ side.
+
+ \item\notapplicable{Verify that a single input validation control is used
+ by the application for each type of data that is accepted.}
+
+ % They skip 5.7-5.9
+ \addtocounter{enumi}{3}
+ \item Verify that all SQL queries, HQL, OSQL, NOSQL and stored
+ procedures, calling of stored procedures are protected by the
+ use of prepared statements or query parameterization, and
+ thus not susceptible to SQL injection.
+
+ \item Verify that the application is not susceptible to LDAP
+ Injection, or that security controls prevent LDAP Injection.
+
+ \item Verify that the application is not susceptible to OS Command
+ Injection, or that security controls prevent OS Command Injection.
+\end{enumerate}
-- 
2.20.1
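Review bot: Each `\item` restates an ASVS 5.x requirement but leaves no place for the verdict or the evidence behind it, so the list as written cannot record the outcome of the review; a placeholder per item, e.g. the comment `% verdict (pass/fail) and evidence (file, line) go here`, would make the skeleton usable for the actual assessment. The `% They skip 5.2` style comments do not say who "they" are; a form like `% ASVS <version> has no 5.2` lets a reader check each `\addtocounter{enumi}{…}` jump against the standard. The 5.6 item is wrapped in `\notapplicable` with no stated reason; a comment such as `% 5.6: not applicable at the assessed verification levels -- confirm` would document the decision, the level reasoning being my inference from the preamble comment in this same patch. `\notapplicable` is defined in preamble.tex by this patch, so this file compiles only together with that hunk.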