From def34a25c64324b54c947a676fb16c87bdbfc4fe Mon Sep 17 00:00:00 2001 From: Daan Sprenkels Date: Wed, 9 Nov 2016 13:56:41 +0100 Subject: [PATCH] Finished V11 HTTP security --- report/v11_httpsec.tex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/report/v11_httpsec.tex b/report/v11_httpsec.tex index bf075c6..2b86bac 100644 --- a/report/v11_httpsec.tex +++ b/report/v11_httpsec.tex @@ -52,29 +52,29 @@ information of system components. application is installed. \end{result} -\item\pass{} -\TODO \\ +\item\fail{} Verify that all API responses contain X-Content-Type-Options: nosniff and Content-Disposition: attachment; filename="api.json" (or other appropriate filename for the content type). \begin{result} + The application does not supply the \texttt{X-Content-Type-Options} header. \end{result} -\item\pass{} -\TODO \\ +\item\fail{} Verify that a content security policy (CSPv2) is in place that helps mitigate common DOM, XSS, JSON, and JavaScript injection vulnerabilities. \begin{result} + There is no content security policy in place. \end{result} -\item\pass{} -\TODO \\ +\item\fail{} Verify that the X-XSS-Protection: 1; mode=block header is in place to enable browser reflected XSS filters. \begin{result} + The application does not supply the \texttt{X-XSS-Protection} header. \end{result} \end{enumerate} -- 2.20.1
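Review bot: The first result block in this hunk only covers half of the requirement it answers: the item asks for both X-Content-Type-Options: nosniff and Content-Disposition: attachment; filename="api.json" on API responses, yet the result states only that "The application does not supply the \texttt{X-Content-Type-Options} header." Record whether Content-Disposition was checked and what was observed (for example, "The \texttt{Content-Disposition} header is also absent" or "is present with an appropriate filename"), so the \fail{} verdict is fully justified and a reader can tell whether adding nosniff alone would turn this item into a pass. The CSP and X-XSS-Protection result blocks do match their requirements, and switching the three placeholders from \pass{} with a \TODO to \fail{} with a stated finding is the right correction; if the report's result blocks elsewhere carry a remediation sentence, these three should follow the same format for consistency.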