WebAppSec/Security Review Request: Difference between revisions

From MozillaWiki
 
= Infrasec Security Review Request =
''The latest revision of this page is a redirect to [[Security/Reviews/Review_Request_Form]]; the request form below is the earlier revision.''
 
#File a new bug within Bugzilla for the request.
#Block an existing deployment request bug with the infrasec review bug.
#Assign the bug to '''Product: Mozilla.org''' and '''Component: Infrastructure Security: Web Security'''. Here is a [https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Infrastructure%20Security:%20Web%20Security&rep_platform=v1_rep_platform&op_sys=v1_op_sys direct bugzilla link]
#Make sure to copy clyon <at> mozilla.com and mcoates <at> mozilla.com
#Within the request, please answer the questions below
 
 
 
== Questions to Address within Request Body ==
Please copy these questions into the bug and answer inline.
 
#A quick intro to what this app does.
#Where is the source code located?
#Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.
#Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.
#Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS.
#Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.
#What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)
#Does this website contain an administration page? If so, have the admin page blockers (listed [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Admin_Login_Pages here]) all been addressed?
#This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
 
== Additional Comments==
 
* Standard lead time on security review requests is a minimum of 4-6 weeks.
* Once the review is started, it takes 1-2 weeks to complete.
* Critical reviews can be expedited. Please contact us directly as soon as possible.
* Using a standard framework such as Django will decrease the security review time.
* Also reference the [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines secure coding guidelines] to self-evaluate and eliminate security issues prior to the security review.
 
 
== Whiteboard Tags for Security Reviews ==
These are the workflow tags for the web security review process.
 
Status tags
* '''[pending secreview]''' - pending to be reviewed
* '''[in-progress secreview]''' - it is currently being worked on
* '''[completed secreview]''' - review completed
Waiting-on tags
* '''[waiting on code complete]''' - waiting for the code to be completed
* '''[waiting on infra setup]''' - waiting on infrastructure to be setup

Latest revision as of 17:42, 27 March 2012