From 5675de2255bdfceb293ed7418a0478bc0af7cd75 Mon Sep 17 00:00:00 2001
From: Mart Lubbers <mart@martlubbers.net>
Date: Mon, 10 Oct 2016 19:45:17 +0200
Subject: [PATCH] Add true skeleton

---
 report/.gitignore       |  1 +
 report/Makefile         |  2 +-
 report/organization.tex |  0
 report/preamble.tex     | 12 ++++++++----
 report/reflection.tex   |  0
 report/report.tex       | 28 ++++++++++++++++++++++++++--
 report/v5_input.tex     | 31 ++++++++++++++++++++++++++++++-
 7 files changed, 66 insertions(+), 8 deletions(-)
 create mode 100644 report/organization.tex
 create mode 100644 report/reflection.tex

diff --git a/report/.gitignore b/report/.gitignore
index b4b1e45..30d00fd 100644
--- a/report/.gitignore
+++ b/report/.gitignore
@@ -4,6 +4,7 @@
 *.toc
 *.bbl
 *.blg
+*.out
 *.mlog
 *.run.xml
 *.pdf
diff --git a/report/Makefile b/report/Makefile
index 20d0aa5..a4ec3a0 100644
--- a/report/Makefile
+++ b/report/Makefile
@@ -24,5 +24,5 @@ all: $(DOC).pdf
 	convert -density 300 $< -resize x1000 $@
 
 clean:
-	$(RM) $(addprefix $(DOC).,aux log fmt toc bbl blg mlog run.xml pdf)\
+	$(RM) $(addprefix $(DOC).,aux log fmt toc bbl blg mlog run.xml pdf out)\
 		$(DOC)-blx.bib logo.png
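Review bot: The list of LaTeX by-products in `clean` is now maintained by hand in step with report/.gitignore (both hunks add `out`), which is how the two lists drift apart; hoisting it into a variable near the top of the Makefile — `CLEAN_EXT := aux log fmt toc bbl blg mlog run.xml pdf out` and `$(RM) $(addprefix $(DOC).,$(CLEAN_EXT)) $(DOC)-blx.bib logo.png` — gives one authoritative list inside the Makefile that the `.gitignore` mirror can be checked against. The beginning of the Makefile is outside the hunk, so whether `clean` is declared in `.PHONY` is not visible; if it is not, `.PHONY: clean` is worth adding so a stray file named `clean` cannot make the target look up to date.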
diff --git a/report/organization.tex b/report/organization.tex
new file mode 100644
index 0000000..e69de29
diff --git a/report/preamble.tex b/report/preamble.tex
index 6882a00..8bc003b 100644
--- a/report/preamble.tex
+++ b/report/preamble.tex
@@ -3,11 +3,15 @@
 \usepackage{rutitlepage}
 \usepackage{geometry}
 \usepackage{hyperref}
+\usepackage{enumitem}
+\usepackage[dvipsnames]{xcolor}
 
-\hypersetup{%
-	hidelinks,
-	pdftitle={OWASP ASVS Souce Code Review Project}
-}
+\hypersetup{hidelinks, pdftitle={OWASP ASVS Souce Code Review Project}}
+
+% Als een criterium niet applicable is (we doen alleen 1 en 2)
+\newcommand{\notapplicable}[1]{{\color{Gray} #1}}
+
+\renewcommand\thesubsection{V\arabic{subsection}}
 
 \author{%
 	Kelley van Evert\\
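Review bot: The rewritten `\hypersetup` line keeps the misspelling `Souce` in the PDF metadata title (`pdftitle={OWASP ASVS Souce Code Review Project}`); since the line is already being rewritten, `\hypersetup{hidelinks, pdftitle={OWASP ASVS Source Code Review Project}}` fixes what PDF viewers display. The two new `\usepackage` lines are placed after `hyperref`, which conventionally is loaded after most other packages; moving `enumitem` and `xcolor` above it follows that convention, although both appear to work in this order. The comment on `\notapplicable` is in Dutch in an otherwise English preamble; `% Marks a criterion as not applicable (only levels 1 and 2 are reviewed)` says the same thing for every reader, the "levels" reading of "1 en 2" being my interpretation and worth confirming.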
diff --git a/report/reflection.tex b/report/reflection.tex
new file mode 100644
index 0000000..e69de29
diff --git a/report/report.tex b/report/report.tex
index 0197f3c..d44b94c 100644
--- a/report/report.tex
+++ b/report/report.tex
@@ -2,11 +2,35 @@
 \begin{document}
 \maketitleru[course={Software Security}]
 \section{Organization}
-\subsection{V2. Input Validation}
-\input{v5_input.tex}
+\input{organization.tex}
 
 \section{Verdict}
+\addtocounter{subsection}{1}
+\subsection{Authentication}
+
+\subsection{Session Management}
+
+\subsection{Access Control}
+
+\subsection{Input Validation}
+\input{v5_input.tex}
+
+\subsection{Output Encoding/Escaping}
+
+\subsection{Cryptography at rest}
+
+\subsection{Error Handling \& logging}
+
+\subsection{Data Protection}
+
+\addtocounter{subsection}{1}
+\subsection{HTTP Security}
+
+\addtocounter{subsection}{4}
+\subsection{Files and Recourses}
+
 
 \section{Reflection}
+\input{reflection.tex}
 
 \end{document}
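Review bot: `\subsection{Files and Recourses}` misspells the heading; `\subsection{Files and Resources}`. The three `\addtocounter{subsection}{…}` bumps encode which ASVS chapters are omitted only by arithmetic — with `\thesubsection` rendered as `V\arabic{subsection}` in preamble.tex, the Verdict section comes out as V2–V9, V11 and V16, so V1, V10 and V12–V15 are skipped without a word of explanation; a comment at each bump in the style v5_input.tex already uses (`% They skip 5.2`), e.g. `% skip V1 (<reason>)` before the first one, records the intent and makes the counts easy to audit against the standard. The chapter identities are my inference from the numbering, not stated on the page.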
diff --git a/report/v5_input.tex b/report/v5_input.tex
index 161829c..618c2bf 100644
--- a/report/v5_input.tex
+++ b/report/v5_input.tex
@@ -1 +1,30 @@
-Hoi
+\begin{enumerate}[label=5.\arabic*]
+	\item Verify that the runtime environment is not susceptible to buffer
+		overflows, or that security controls prevent buffer overflows.
+
+	% They skip 5.2
+	\addtocounter{enumi}{1}
+	\item Verify that server side input validation failures result in 
+		request rejection and are logged.
+
+	% They skip 5.4
+	\addtocounter{enumi}{1}
+	\item Verify that input validation routines are enforced on the server
+		side.
+
+	\item\notapplicable{Verify that a single input validation control is used
+		by the application for each type of data that is accepted.}
+
+	% They skip 5.7-5.9
+	\addtocounter{enumi}{3}
+	\item Verify that all SQL queries, HQL, OSQL, NOSQL and stored 
+		procedures, calling of stored procedures are protected by the 
+		use of prepared statements or query parameterization, and 
+		thus not susceptible to SQL injection.
+
+	\item Verify that the application is not susceptible to LDAP
+		Injection, or that security controls prevent LDAP Injection.
+
+	\item Verify that the application is not susceptible to OS Command
+		Injection, or that security controls prevent OS Command Injection.
+\end{enumerate}
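Review bot: The comments `% They skip 5.2`, `% They skip 5.4` and `% They skip 5.7-5.9` explain the `\addtocounter{enumi}` bumps only to someone who knows what "they" refers to — presumably the ASVS requirement list whose numbering this enumerate mirrors; `% ASVS numbering skips 5.2` (ideally naming the version of the standard) makes that explicit. Lines 125 and 138–140 end in trailing whitespace (`result in `, `stored `, `the `, `and `); it is harmless in LaTeX output but will churn in later diffs. The `label=5.\arabic*` literal ties the list to chapter 5 while the heading number comes from the subsection counter in report.tex, so a one-line comment at the top of the file noting that the two must agree would save a future mismatch.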
-- 
2.20.1