Security/Reviews/Gaia/Template: Difference between revisions

Security/Reviews/Gaia/Template (view source)

Revision as of 00:32, 15 July 2014

44 bytes removed , 15 July 2014

no edit summary

Ptheriault

canmove, Confirmed users

1,220

edits

@@ Line 1: / Line 1: @@
-=== Overview ===
+= Overview =
-==== Details ====
+== Details ==
 * App:
 * Review Date:
@@ Line 6: / Line 6: @@
 * Branch Reviewed:
 * Review Lead:
-==== Context ====
+== Context ==
 * High level description of what the app does
 * Why are we reviewing it  (high level threats)
 * Any previous reviews
 * Links to related reviews
-==== Scope ====
+== Scope ==
 * What did we look at
 * source links
 * does it include shared components
-====Architecture====
+== Architecture ==
 * High level code paths, data flow, functionality
 * Interaction between components
 * Interaction with external agents
 * Generally good spot to put a diagram
-==== Documentation ====
+== Documentation ==
 * links to further information, design documentation etc
 * links to relevant bugs (perhaps even a bug table if there are a few)
-=== Design Review ===
+= Design Review =
 * Permissions: list permission, why are they used
 * Messages
@@ Line 31: / Line 31: @@
 * Connections (IAC):
 * Other manifest properties (e.g redirects,origin, entry points etc)
-==== Threat Analysis ====
+== Threat Analysis ==
 * List of threats
 * Mitigating controls
 * Discussion of the threats
-=== Implementation Review ===
+= Implementation Review =
-==== Enumerate data input & outputs, key data flows etc ====
+== Enumerate data input & outputs, key data flows etc ==
 * server communication
 * user input
 * other inputs (indexeddb,
 * views/templates
-===Checklist===
+==Checklist==
 * XSS & HTML Injection attacks
 * Secure Communications
@@ Line 64: / Line 64: @@
 * Shared files
 * Permission Specific Auditing?
-=== Actions & Recommendations ===
+= Actions & Recommendations =
 <bugzilla>
    {