Confirmed users
491
edits
WebAppSec/Security Review Request: Difference between revisions
Jump to navigation
Jump to search
WebAppSec/Security Review Request (view source)
Revision as of 15:51, 2 November 2011
, 2 November 2011→Questions to Address within Request Body
| Line 24: | Line 24: | ||
#Will this application be collecting any personally identifiable information from users (email address, physical address, phone number, etc)? | #Will this application be collecting any personally identifiable information from users (email address, physical address, phone number, etc)? | ||
#Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS. | #Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS. | ||
#Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role. | #Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role. | ||
## Please create 2 accounts for each role supported in the application and add the username and password into the security review request bug. Without this information we can't begin our review. | |||
#What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.) | #What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.) | ||
#Does this website contain an administration page? If so, have the admin page blockers (listed [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Admin_Login_Pages here]) all been addressed? | #Does this website contain an administration page? If so, have the admin page blockers (listed [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Admin_Login_Pages here]) all been addressed? | ||