Changes

Security/InfoSec

1,025 bytes added, 20:08, 8 January 2016
Automated sync from https://github.com/mozilla/wikimo_opsec
=== Description ===
Test driven systems security uses a battery of tests run against a system to evaluate its conformance with security best practices. The tests can be run daily, or triggered on demand, making it easy to implement and review security controls in real time.
=== What you can do with this service ===
* Obtain a detailed view of the security controls deployed on a system, or across an infrastructure.
* Fast iterations on the implementation and review of security controls. This is designed to accelerate the feedback loop between operational and security teams. Immediate feedback is necessary.
: 30-minute meeting with InfoSec.
; Service request
: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Rapid%20Risk%20Analysis request bug]
=== Description ===
* Get your service recorded in a risk heatmap to compare it with other services.
* Find out if you need a threat model.
 
== Service: Vulnerability Assessment ==
 
; Support commitment
: Response within a week.
; Costs
: One or more meetings with InfoSec.
; Service request
: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Vulnerability%20Assessment request bug]
 
=== Description ===
 
A vulnerability assessment is a semi-automated point-in-time assessment conducted by Mozilla Security using a vulnerability scanner and other “point and shoot” tools for an explicit set of target(s). It may include a validation component, depending on scope and service risk.
 
=== What you can do with this service ===
 
* Quickly identify commonly known vulnerabilities/misconfigurations in your application, ranked by severity
* Get a sense of a vendor system's security posture if the vendor is not forthcoming but is willing to be scanned
* Get a manual verification of vulnerabilities/misconfigurations to weed out false positives (optional, based on scope and risk)
== Service: Threat Modeling ==
: One or more meetings with InfoSec.
; Service request
: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Threat%20Modeling request bug]
=== Description ===
: One or more meetings with InfoSec.
; Service request
: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Penetration%20Test request bug]
=== Description ===