Added empty verdicts for all 8.x checks.
authorcharlie <charlie.gerhardus@student.ru.nl>
Fri, 11 Nov 2016 18:36:33 +0000 (19:36 +0100)
committercharlie <charlie.gerhardus@student.ru.nl>
Fri, 11 Nov 2016 18:36:33 +0000 (19:36 +0100)
report/v8_error.tex

index e69de29..d61dcef 100644 (file)
@@ -0,0 +1,99 @@
+\begin{enumerate}[label={8.\arabic*}]
+       \item\pass{} Verify that the application does not output error 
+               messages or stack traces containing sensitive data 
+               that could assist an attacker, 
+               including session id, 
+               software/framework versions and personal 
+               information.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that error handling logic in security controls 
+               denies access by default.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify security logging controls provide the ability 
+               to log success and 
+               particularly failure events that 
+               are identified as security-relevant.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that each log event includes necessary 
+               information that would allow for a detailed 
+               investigation of the timeline when an event 
+               happens.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that all
+               events that include untrusted data 
+               will not execute as code in the intended log 
+               viewing software.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that security logs are protected from 
+               unauthorized access and modification.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that the application does not log 
+               sensitive 
+               data as defined under local privacy laws or 
+               regulations, organizational sensitive data as 
+               defined by a risk assessment, or sensitive 
+               authentication data that could assist an attacker, 
+               including user's session identifiers, passwords, 
+               hashes, or AP
+               I tokens.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that all non-printable symbols and field 
+               separators are properly encoded in log entries, to 
+               prevent log injection.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that log fields from trusted and untrusted 
+               sources are distinguishable in log entries.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that an audit log or similar allows for non-repudiation of key transactions.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that security logs have some form of 
+               integrity checking or controls to prevent 
+               unauthorized modification.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Verify that the 
+               logs are stored on a different 
+               partition than the application is running with 
+               proper log rotation.
+
+               \begin{result}
+               \end{result}
+       
+       \item\pass{} Time sources should be synchronized to ensure 
+               logs have the correct time.
+
+               \begin{result}
+               \end{result}
+\end{enumerate}
\ No newline at end of file
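Review bot: Each of the thirteen items in this new file is already tagged `\pass{}` (lines 11, 21, 27, …) while its `result` environment is empty, so the report asserts a passing verdict on checks such as the sixth and seventh (logs protected from unauthorized access; no sensitive data logged) for which no evidence has been recorded yet. A placeholder should not default to the favourable outcome: either omit the verdict macro until the check has actually been assessed, or introduce a neutral marker defined next to `\pass{}` (constructed example: `\item\pending{} Verify that …`) so an unassessed check cannot be read as a confirmed one in a generated report. Separately, the line break inside `hashes, or AP` / `I tokens.` on lines 64–65 typesets as `AP I tokens`; join it to `hashes, or API tokens.`.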