Security/Reviews/: Difference between revisions

m
typo fix
(added the template link)
m (typo fix)
Line 12: Line 12:
No, this process is optional, to assist teams with understanding security issues related to their features. However this process is strongly encouraged for any security sensitive features i.e. those involving sensitive user data (PII or passwords), or features which involve browser security mechanisms like TLS, dom security APIs, permissions etc.  
No, this process is optional, to assist teams with understanding security issues related to their features. However this process is strongly encouraged for any security sensitive features i.e. those involving sensitive user data (PII or passwords), or features which involve browser security mechanisms like TLS, dom security APIs, permissions etc.  


=== What is the different between Security Review and Security Testing ===  
=== What is the difference between Security Review and Security Testing ===  
Security review is a high level design review intended to ensure that a feature considers all risks as part of the building of a feature. [[Security/Testing|Security Testing]] is specific testing of a feature once it is built to ensure that it is free of common implementation flaws, and also that any security controls critical to the feature are functioning correctly.  
Security review is a high level design review intended to ensure that a feature considers all risks as part of the building of a feature. [[Security/Testing|Security Testing]] is specific testing of a feature once it is built to ensure that it is free of common implementation flaws, and also that any security controls critical to the feature are functioning correctly.
 
 
 
 
 


=Legacy Reviews=  
=Legacy Reviews=  
Old Security Review can be found here: [[Security/Archived/Reviews/]]
Old Security Review can be found here: [[Security/Archived/Reviews/]]
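Review bot: Renaming the section heading to "What is the difference between Security Review and Security Testing" also changes the section's auto-generated anchor, so any existing links that point at the old misspelled anchor will no longer land on this section. Check for inbound section links before saving, or keep an explicit anchor for the old name. The heading is phrased as a question but still has no question mark, which could be fixed in the same edit.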