From e94a1a8972ac05861760c2e6606e72f8ee3aa869 Mon Sep 17 00:00:00 2001 From: charlie Date: Fri, 11 Nov 2016 20:18:36 +0100 Subject: [PATCH] Added notapplicable to items for Level 3 checks. --- report/v8_error.tex | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/report/v8_error.tex b/report/v8_error.tex index d839e86..4de794c 100644 --- a/report/v8_error.tex +++ b/report/v8_error.tex @@ -77,18 +77,12 @@ Documentation suggesting users should verify that the database driver they end up using doesn't include sensitive data in exception messages is absent. \end{result} - \item\pass{} Verify that all non-printable symbols and field +\notapplicable{\item Verify that all non-printable symbols and field separators are properly encoded in log entries, to - prevent log injection. + prevent log injection.} - \begin{result} - \end{result} - - \item\pass{} Verify that log fields from trusted and untrusted - sources are distinguishable in log entries. - - \begin{result} - \end{result} +\notapplicable{\item Verify that log fields from trusted and untrusted + sources are distinguishable in log entries.} \item\fail{} Verify that an audit log or similar allows for non-repudiation of key transactions. @@ -98,20 +92,14 @@ Only potential requests are logged even before it's verified such an action exists. \end{result} - \item\pass{} Verify that security logs have some form of +\notapplicable{\item Verify that security logs have some form of integrity checking or controls to prevent - unauthorized modification. - - \begin{result} - \end{result} + unauthorized modification.} - \item\pass{} Verify that the +\notapplicable{\item Verify that the logs are stored on a different partition than the application is running with - proper log rotation. - - \begin{result} - \end{result} + proper log rotation.} \item\fail{} Time sources should be synchronized to ensure logs have the correct time. -- 2.20.1