(20 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
| = Infrasec Security Review Request =
| | #REDIRECT [[Security/Reviews/Review_Request_Form]] |
| | |
| #File a new bug within Bugzilla for the request. | |
| #Block an existing deployment request bug with the infrasec review bug.
| |
| #Assign the bug to '''Product: Mozilla.org''' and '''Component: Infrastructure Security: Web Security'''. Here is a [https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Infrastructure%20Security%3A%20Web%20Security&rep_platform=v1_rep_platform&op_sys=v1_op_sys direct Bugzilla link].
| |
| #Make sure to copy clyon <at> mozilla.com and mcoates <at> mozilla.com
| |
| #Within the request, please answer the questions below
| |
| | |
| | |
| | |
| == Questions to Address within Request Body ==
| |
| Please copy these questions into the bug and answer inline.
| |
| | |
| #A quick intro to what this app does.
| |
| #Where is the source code located?
| |
| #Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.
| |
| #Where would you like the bugs filed in Bugzilla? Please specify the product and component, and whether anyone specific should be copied on the bugs.
| |
| #Please describe whether this app will connect to any internal or external services, and whether it is able to interact with the OS.
| |
| #Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.
| |
| #What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)
| |
| #This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
| |
| | |
| == Additional Comments ==
| |
| | |
| * Standard lead time on security review requests is a minimum of 4-6 weeks
| |
| * Once the review is started, it takes 1-2 weeks to complete
| |
| * Critical reviews can be expedited. Please contact us directly as soon as possible
| |
| * Using standard frameworks such as Django will decrease the security review time
| |
| * Also reference the [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines secure coding guidelines] to self-evaluate and eliminate security issues prior to the security review
| |