application is installed.
\end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
Verify that all API responses contain X-Content-Type-Options:
nosniff and Content-Disposition:
attachment; filename="api.json" (or other
appropriate filename for the content type).
\begin{result}
+ The application does not supply the \texttt{X-Content-Type-Options} header.
\end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
Verify that a content security policy (CSPv2) is in
place that helps mitigate common DOM, XSS,
JSON, and JavaScript injection vulnerabilities.
\begin{result}
+ There is no content security policy in place.
\end{result}
-\item\pass{}
-\TODO \\
+\item\fail{}
Verify that the X-XSS-Protection: 1; mode=block
header is in place to enable browser reflected XSS
filters.
\begin{result}
+ The application does not supply the \texttt{X-XSS-Protection} header.
\end{result}
\end{enumerate}
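Review bot: the \texttt{result} for the first item only reports the missing \texttt{X-Content-Type-Options} header, but the requirement text on the same lines also asks for \texttt{Content-Disposition: attachment; filename="api.json"}; the finding should state whether that header was checked and what was observed, otherwise a reader cannot tell whether the \fail{} covers both halves of the requirement. Consider something like "The application supplies neither the \texttt{X-Content-Type-Options} header nor a \texttt{Content-Disposition} header on API responses." (or the actual observation). The same applies to the CSP and \texttt{X-XSS-Protection} results: quoting the response headers that were actually returned would make each \fail{} reproducible for the retest. The \pass{} to \fail{} changes themselves and the removal of the \TODO{} placeholders are consistent across all three items.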