WebAppSec/Security Review Request: Difference between revisions
Jump to navigation
Jump to search
| Line 24: | Line 24: | ||
== Additional Comments== | == Additional Comments== | ||
* Once the review is started it takes 1-2 weeks to complete | * Once the review is started it takes 1-2 weeks to complete | ||
* Critical reviews can be expedited. Please contact us directly as soon as possible | * Critical reviews can be expedited. Please contact us directly as soon as possible | ||
* Using standard frameworks such as django will decrease the security review time | * Using standard frameworks such as django will decrease the security review time | ||
* Also reference the [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines secure coding guidelines] to self evaluate and eliminate security issues prior to the security review | * Also reference the [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines secure coding guidelines] to self evaluate and eliminate security issues prior to the security review | ||
== Whiteboard Tags for Security Reviews == | == Whiteboard Tags for Security Reviews == | ||
Revision as of 18:53, 16 June 2011
Infrasec Security Review Request
- File a new bug within Bugzilla for the request.
- Block an existing deployment request bug with the infrasec review bug.
- Assign the bug to Product: Mozilla.org and Component: Infrastructure Security: Web Security.
Here is a direct bugzilla link - Please use this url. It populates important data into the bug for tracking - Make sure to copy mcoates <at> mozilla.com
- Within the request, please answer the questions below
Questions to Address within Request Body
Please copy these questions into the bug and answer inline.
- A quick intro to what this app does.
- Where is the source code located?
- Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.
- Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.
- Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS.
- Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.
- What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)
- Does this website contain an administration page? If so, have the admin page blockers (listed here) all been addressed?
- This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
Additional Comments
- Once the review is started it takes 1-2 weeks to complete
- Critical reviews can be expedited. Please contact us directly as soon as possible
- Using standard frameworks such as django will decrease the security review time
- Also reference the secure coding guidelines to self evaluate and eliminate security issues prior to the security review
Whiteboard Tags for Security Reviews
These are the work flow tags for the web security review process.
Status Tags
- [pending secreview] - pending to be reviewed
- [in-progress secreview] - it is currently being worked on
- [completed secreview] - review completed
Waiting on tags
- [waiting on code complete] - waiting for the code to be completed
- [waiting on infra setup] - waiting on infrastructure to be setup