297 edits
(→Architecture Diagram: added payment flow tables) | (→Threat Model: add items)
(27 intermediate revisions by the same user not shown)
Line 74: | Line 74: | ||
* Payments tied to FxA project wiki page - https://wiki.mozilla.org/CloudServices/Payments/FirefoxAccounts | * Payments tied to FxA project wiki page - https://wiki.mozilla.org/CloudServices/Payments/FirefoxAccounts | ||
* In App Payments - https://wiki.mozilla.org/Marketplace/InAppPayments | * In App Payments - https://wiki.mozilla.org/Marketplace/InAppPayments | ||
'''Project Links - Mana pages (Mozilla staff/contrib LDAP account needed)''' | '''Project Links - Mana pages (Mozilla staff/contrib LDAP account needed)''' | ||
Line 94: | Line 93: | ||
* http://firefox-marketplace-api.readthedocs.org/en/latest/topics/payment.html#preparing-payment | * http://firefox-marketplace-api.readthedocs.org/en/latest/topics/payment.html#preparing-payment | ||
* http://firefox-marketplace-api.readthedocs.org/en/latest/topics/payment.html#payment-status | * http://firefox-marketplace-api.readthedocs.org/en/latest/topics/payment.html#payment-status | ||
* WebPayment API (navigator.Mozpay) - https://wiki.mozilla.org/WebAPI/WebPayment | |||
* Web Payments Provider - https://wiki.mozilla.org/WebAPI/WebPaymentProvider | |||
'''Related''' | '''Related''' | ||
Firefox Accounts Payments Proposal - https://wiki.mozilla.org/CloudServices/Payments/FirefoxAccounts | * Firefox Accounts Payments Proposal - https://wiki.mozilla.org/CloudServices/Payments/FirefoxAccounts | ||
* Jugband engineering metrics and activity for Marketplace - https://jugband.paas.allizom.org/ | * Jugband engineering metrics and activity for Marketplace - https://jugband.paas.allizom.org/ | ||
Line 105: | Line 107: | ||
=== Use Cases === | === Use Cases === | ||
[https://webpay.readthedocs.org/en/latest/api.html Webpay] is an implementation of the [[WebAPI/WebPaymentProvider|WebPaymentProvider spec]]. It hosts the payment flow inside [https://developer.mozilla.org/en-US/docs/Web/API/Navigator/mozPay navigator.mozPay]() when making app purchases or in-app payments on Firefox OS. | |||
* Webpay provides a REST API for clients to interact with the server. | |||
* All API’s use JSON for request and responses. | |||
=== Data Flows === | === Data Flows === | ||
==== | ==== Diagrams ==== | ||
===== | ===== Payments Flow Sequence ===== | ||
[[Image:Pay_Flow_Sequence.png]] | [[Image:Pay_Flow_Sequence.png]] | ||
==== | ===== Payments Data Flow Diagram ===== | ||
[[Image:PaymentsDFD.jpg]] | |||
==== | ===== Pin Flow ===== | ||
[[Image:Pin-flow.png]] | |||
<br />''(Note: Persona was replaced with FxA)'' | |||
==== | === Architecture Diagram === | ||
=== | ====Top-level architecural view==== | ||
[[File:Mkt_layers.png|830px]] | |||
====Payment Systems Diagram==== | |||
[[File:Pmt systems.png|600px|Payment Systems diagram - by Wil Clouser]] | [[File:Pmt systems.png|600px|Payment Systems diagram - by Wil Clouser]] | ||
<br /> | <br />Logical diagram of Payments application services architecture. | ||
'''Diagram Key''' | |||
''' | |||
The dotted line from a red service goes to a breakout describing the logical components of its service stack. | The dotted line from a red service goes to a breakout describing the logical components of its service stack. | ||
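Review bot: the new heading `====Top-level architecural view====` misspells "architectural" and drops the spaces inside the `====` markers that most headings on this page use (e.g. `===== Pin Flow =====`, `=== Architecture Diagram ===`); suggest `==== Top-level architectural view ====`. In the new Use Cases bullets, "All API’s use JSON" should read "All APIs use JSON". The `'''Diagram Key'''` line also appears to lose one side of its bold markup, leaving a bare `'''` on the following line; check that the bold is balanced on the revised side so the key renders.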
Line 166: | Line 144: | ||
Starting from a Red Services box, | Starting from a Red Services box, | ||
* Solid line represents dependency/backend component relationships | * Solid line represents dependency/backend component relationships | ||
* Dotted lines point to breakouts describing the logical components of a service stack | * Dotted lines point to breakouts describing the logical components of a service stack | ||
===== Mozilla Services ===== | ===== Mozilla Services ===== | ||
Line 228: | Line 206: | ||
|- | |- | ||
| 7||Compromise web heads||The attacker could then leverage their access to attack other parts of the application environment or to serve arbitrary/manipulated content to users.||Mitigation possibilities are being discussed.||System access||12||3||4 – Reputation|| | | 7||Compromise web heads||The attacker could then leverage their access to attack other parts of the application environment or to serve arbitrary/manipulated content to users.||Mitigation possibilities are being discussed.||System access||12||3||4 – Reputation|| | ||
|- | |||
| 8||Appplication Theft||The attacker could begin a payment, cancel the payment, and craft a postback to the app server, fooling it into thinking the cancelled payment was successful. (BID 1145024)||Bug detected, application patched.||System access||12||3||4 – Reputation|| | |||
|- | |||
| 9||Appplication Theft||The attacker could modify the JWT for payment to craft $0 payment that executes successfully. (BID 1145024)||Bug detected, application patched.||System access||12||3||4 – Reputation|| | |||
|- | |- | ||
|} | |} | ||
==== User Interactions ==== | ==== User Interactions ==== | ||
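Review bot: rows 8 and 9 both spell "Appplication" with three p's, and both carry exactly the same trailing cells as row 7 (System access, 12, 3, 4 – Reputation), even though row 7 is an unmitigated web-head compromise while rows 8 and 9 are patched payment-logic bugs whose consequence is an unpaid app rather than system access; re-score those two rows against their real impact and the residual risk after the patch rather than copying row 7. Both rows also cite the same bug (BID 1145024) for two distinct flaws (cancel-then-forge-postback vs. a JWT edited to a $0 amount); confirm whether the second should reference its own bug id.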
Line 301: | Line 283: | ||
| 4 || Open and communicate with MozPay || JavaScript library: fxpay | | 4 || Open and communicate with MozPay || JavaScript library: fxpay | ||
|} | |} | ||
==== Security Recommendations / Open Issues ==== | ==== Security Recommendations / Open Issues ==== | ||
Line 362: | Line 318: | ||
* Large number of file uploads | * Large number of file uploads | ||
* Attempt to upload something other than expected file | * Attempt to upload something other than expected file | ||
=== Privacy Risk Analysis === | === Privacy Risk Analysis === | ||
Line 402: | Line 355: | ||
=== Operation Security Requirements === | === Operation Security Requirements === | ||
Document network/platform security requirements here (e.g. IDS concerns, firewall changes, system hardening reqs, etc) | Document network/platform security requirements here (e.g. IDS concerns, firewall changes, system hardening reqs, etc) | ||
=== Critical Security Requirements === | === Critical Security Requirements === | ||
Itemize individual security blockers here. Reference components in section AppSec or OpSec subsections. | Itemize individual security blockers here. Reference components in section AppSec or OpSec subsections. | ||
Line 412: | Line 362: | ||
=== Repeatable Security Test Cases === | === Repeatable Security Test Cases === | ||
Document individual repeatable security test cases here. Include a reference to the source repo, and documentation that governs how to execute test cases. | Document individual repeatable security test cases here. Include a reference to the source repo, and documentation that governs how to execute test cases. | ||
=== Secure Coding Guidelines === | === Secure Coding Guidelines === | ||
Document specific secure coding guidelines to be followed and relate them to specific issues/requirements that are specified; capture bug ids related to those issues. | Document specific secure coding guidelines to be followed and relate them to specific issues/requirements that are specified; capture bug ids related to those issues. | ||
Line 423: | Line 374: | ||
==== Code Review ==== | ==== Code Review ==== | ||
==== Automated Security Testing ==== | ==== Automated Security Testing ==== | ||
* | * Minion scanner | ||
==== Manual Security Testing ==== | ==== Manual Security Testing ==== |
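Review bot: the `==== Code Review ====` heading is immediately followed by the next heading, so that section is still empty, and the single new bullet `* Minion scanner` says nothing about what it scans, how often, or where results are kept, which the "Repeatable Security Test Cases" section above asks for (source repo and the documentation that governs execution). Either fill in those details or link the Minion configuration and results.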