Security/Reviews/Identity: Difference between revisions

no edit summary
No edit summary
Line 90: Line 90:
=== Business Test Cases ===
=== Business Test Cases ===
Document application specific test cases here
Document application specific test cases here
== Stage 3: Planning ==
=== Application Security Requirements ===
Document individual requirements for the application here (e.g. CEF logging, captcha, etc)
=== Operation Security Requirements ===
Document network/platform security requirements here (e.g. IDS concerns, firewall changes, system hardening reqs, etc)
=== Critical Security Requirements ===
Itemize individual security blockers here.  Reference components in section AppSec or OpSec subsections.
These blockers must be addressed before the product can go live.
== Stage 4: Development ==
=== Repeatable Security Test Cases ===
Document individual repeatable security test cases here.  Include a reference to the source repo, and documentation that governs how to execute test cases.
=== Secure Coding Guidelines ===
Document specific secure coding guidelines to be followed and relate them to specific issues/requirements that are specified; capture bug ids related to those issues.
=== Code Review Milestones ===
Table 1 - itemized list of code review milestones {i.e. breakdown of specific components that will be reviewed}
Table 2 - list of app components/modules that should trigger additional security review (e.g. auth, csrf, file upload handling, etc)
== Stage 5: Release ==
=== Application Security Verification ===
These subsections should contain a list of the steps to be taken, and the status of each activity
==== Code Review ====
==== Automated Security Testing ====
==== Manual Security Testing ====
=== Operational Security Verification ===
==== ArcSight Information ====
==== Network Design Security Review ====
==== Database Security Review ====
==== Platform Security (Hardening & Specific Config Requirements) ====
=== Landing Criteria ===
This should be a table itemizing everything from Stage 3 - Critical Security Requirements, including status.
For status Red=Unimplemented,Yellow=implemented,Green=tested and passed?
== Stage 6: Post Implementation Review ==
=== Production Security Considerations ===
Document additional/ongoing work for this application (e.g. specific things to watch for in ArcSight, gaming behaviour, etc)
=== Post Implementation Tasks ===
Itemize process/kb changes developed from this project (e.g. secure coding guidelines, policy stuff, etc)
== Infrastructure Team Details ==
{| class="wikitable"
|Priority
|High
|-
|Goal Related
|Yes (2011Q3)
|-
|Primary Team
|Web Application Security
|}
== Team status notes ==
{| class="wikitable"
!
!status
!notes
|-
|Products
|tbd
| -
|-
|Engineering
| tbd
| -
|-
|Engineering
| tbd
| -
|-
|Engineering
| tbd
| -
|-
|Engineering
| tbd
| -
|-
|Engineering
| tbd
| -
|-
|Engineering
| tbd
| -
|-
|Engineering
| tbd
| -
|-
|Engineering
| tbd
| -
|}
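Review bot: The status legend under Landing Criteria ("For status Red=Unimplemented,Yellow=implemented,Green=tested and passed?") ends in a question mark, so the template does not yet commit to what each colour means. Settle the definitions before the table is used as a go-live gate, in particular whether Yellow means implemented but not yet tested, since Critical Security Requirements says these blockers must be addressed before the product can go live. Separately, the Team status notes table carries eight identical "Engineering" rows, each with "tbd" and "-"; name the distinct teams or collapse them to a single row so the table can actually record per-team status.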