| Line 67: | Line 67: | ||
#**certificate based authentication | #**certificate based authentication | ||
#**secret token | #**secret token | ||
#*Are authentication secrets (e.g. passwords) stored in a non-reversible form within your database (e.g. hashing)? | |||
#* What type of hashing algorithm do you use (e.g. sha512, md5, bcrypt)? | |||
#* Are salts added to the hashing algorithm which are unique for each user? | |||
#* Will user passwords (or authentication secrets) be available to any other users via any functionality (example, admin users can see clear text passwords of users)? | |||
#*Do you use third party servers or do you host the servers yourself? | #*Do you use third party servers or do you host the servers yourself? | ||
#*Do you use any third party services or communicate with any third parties from this application? | #*Do you use any third party services or communicate with any third parties from this application? | ||
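Review bot: The added hashing question gives "sha512, md5, bcrypt" as interchangeable examples, so a vendor answering with a fast general-purpose hash plus a per-user salt would appear to satisfy both this question and the salt question that follows. Consider asking instead whether a dedicated password hashing function (e.g. bcrypt, scrypt, PBKDF2, Argon2) is used and what work factor or iteration count is configured. Also, two of the new items start with "#* " (with a space) while the surrounding items use "#*" with no space; pick one form for consistency.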
| Line 72: | Line 76: | ||
#*Will testing of the running application be possible? | #*Will testing of the running application be possible? | ||
#*Will source code for their application be available? | #*Will source code for their application be available? | ||
#*Do you have attestation reports from any other vendors regarding your security posture? | |||
#*Do you have any other security certifications that may be relevant? | |||
= A bug is filed now what?= | = A bug is filed now what?= | ||
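Review bot: In the added attestation question, "from any other vendors" is ambiguous: it can be read as reports issued by independent assessors or as reports about other vendors. Suggest wording it as reports from third-party assessors, and asking for the date and scope of each report so stale or out-of-scope results can be identified. The two new items address the vendor as "your", while the unchanged line directly above them says "their application"; the person should be made consistent across the list.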